2745 matches found
samba: group policy certificate enrollment uses http:// without validation
A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability t...
29-Year-Old Squid Proxy Bug 'Squidbleed' Can Leak Cleartext HTTP Requests
A heap over-read in the Squid web proxy can leak another user's cleartext HTTP request, including any credentials or session tokens it carries, to anyone already allowed to send traffic through the same proxy. The bug traces to a 1997 FTP-parsing change and is still live in Squid's default...
firefox: thunderbird: Use-after-free in the Networking: HTTP component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the Networking: HTTP component...
CVE-2020-37250
TFTP Broadband 4.3.0.1465 contains an unquoted service path vulnerability in the tftpt.exe service binary that allows local attackers to execute arbitrary code with system privileges. Attackers can place a malicious executable in the Program Files directory path that will be executed during servi...
EUVD-2020-31251
TFTP Broadband 4.3.0.1465 contains an unquoted service path vulnerability in the tftpt.exe service binary that allows local attackers to execute arbitrary code with system privileges. Attackers can place a malicious executable in the Program Files directory path that will be executed during servi...
Astra Linux – Vulnerability in libcommons-net-java
Prior to Apache Commons Net 3.9.0, Net’s FTP client trusted the host based on the PASV response by default. A malicious server could redirect the Commons Net code to use a different host, but the user had to connect to the malicious server in the first place. This could result in the leakage of...
MAL-2026-6075 Malicious code in opt-archetype-check (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6497b3f44c017bc9ba783cd75e17d4992f79542d8819558da92e152ee4d4471e On npm install, the package's postinstall hook executes node index.js, which collects the installer's public IP via api.ipify.org, hostname, username...
netty-codec-http: Netty: Data manipulation via request-boundary confusion in HttpObjectDecoder
A flaw was found in Netty. The HttpObjectDecoder component, which processes incoming HTTP requests, incorrectly skips certain control characters and whitespace before reading the first request line. This behavior, which goes beyond standard HTTP protocol requirements, can lead to request-boundary...
firefox: Same-origin policy bypass in the Networking: HTTP component
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Networking: HTTP component...
CVE-2026-46961
Vulnerability in the Oracle Project Portfolio Analysis product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...
CVE-2026-46934
Vulnerability in the Oracle Complex Maintenance, Repair and Overhaul product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to...
CVE-2026-46859
Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain component: Security. The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this...
CVE-2026-46812
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware component: Authentication Engine. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
CVE-2026-35319
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware component: Content Server. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
Vulnerabilities in Oracle Fusion Middleware products
Oracle has identified several vulnerabilities in various products within the Oracle Fusion Middleware suite, including WebLogic Server, WebCenter Content, WebCenter Sites, WebCenter Portal, WebCenter Enterprise Capture, Identity Manager, Identity Manager Connector, Access Manager, Coherence,...
firefox: Same-origin policy bypass in the Networking: HTTP component
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Networking: HTTP component...
firefox: Same-origin policy bypass in the Networking: HTTP component
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Networking: HTTP component...
EUVD-2026-37022
Use of a non-secure protocol as the default FTP configuration in Canon EOS Network Setting Tool Version 1.5.0 or earlier...
PT-2026-50067
Vulnerability in the Oracle Financials for EMEA product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Financials...
PT-2026-50061
Name of the Vulnerable Software and Affected Versions Oracle Project Portfolio Analysis versions 12.2.3 through 12.2.15 Description An issue exists in the Internal Operations component of the Oracle Project Portfolio Analysis product within Oracle E-Business Suite. A low privileged attacker with...