5 matches found
CVE-2026-54776 CoreWCF: Unix Domain Socket PosixIdentity transport accepts connections that skip the security upgrade
CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service hosted on Unix Domain Sockets with PosixIdentity client credentials can accept connections that skip the application/unixposix stream upgrade before dispatching...
GHSA-WJPQ-6766-7F5J CoreWCF: Unix Domain Socket PosixIdentity transport accepts connections that skip the security upgrade
Impact A CoreWCF service hosted on Unix Domain Sockets with the PosixIdentity client credential type UnixDomainSocketBinding with Security.Mode = TransportCredentialOnly and Security.Transport.ClientCredentialType = PosixIdentity does not require the client to perform the application/unixposix...
AdGuard Home: HTTP/2 Cleartext (h2c) Upgrade Authentication Bypass
An unauthenticated remote attacker can bypass all authentication in AdGuardHome by sending an HTTP/1.1 request that requests an upgrade to HTTP/2 cleartext h2c. Once the upgrade is accepted, the resulting HTTP/2 connection is handled by the inner mux, which has no authentication middleware...
DEBIAN-CVE-2021-22946
A user can tell curl = 7.20.0 and = 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server --ssl-reqd on the command line orCURLOPTUSESSL set to CURLUSESSLCONTROL or CURLUSESSLALL withlibcurl. This requirement could be bypassed if the server would return a...
Design/Logic Flaw
Huawei Campus S7700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300; S9300 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300; S9700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300 allow unauthorized users to upgrade the bootrom or...