
11 matches found

Vulnrichment
added 2025/07/08 12:37 a.m. | 2 views

CVE-2025-42978 Insufficiently Secure Hostname Verification for Outbound TLS Connections in SAP NetWeaver Application Server Java

The widely used component that establishes outbound TLS connections in SAP NetWeaver Application Server Java does not reliably match the hostname that is used for the connection against the wildcard hostname defined in the received certificate of remote TLS server. This might lead to the outbound...

CVSS 3.5 | AI score 6.8 | EPSS 0.00067
Exploits 0 | References 2
Cvelist
added 2025/07/08 12:37 a.m. | 6 views

CVE-2025-42978 Insufficiently Secure Hostname Verification for Outbound TLS Connections in SAP NetWeaver Application Server Java

The widely used component that establishes outbound TLS connections in SAP NetWeaver Application Server Java does not reliably match the hostname that is used for the connection against the wildcard hostname defined in the received certificate of remote TLS server. This might lead to the outbound...

CVSS 3.5 | EPSS 0.00067
Exploits 0 | References 2
CVE
added 2025/07/08 12:37 a.m. | 15 views

CVE-2025-42978

The CVE-2025-42978 entry concerns SAP NetWeaver Application Server Java and a flaw in outbound TLS connections: the component may not reliably compare the remote server’s hostname with the wildcard in the server certificate, potentially causing connections to a malicious TLS server and leading to...

CVSS 3.5 | AI score 6.9 | EPSS 0.00067
Exploits 0 | References 2
RedhatCVE
added 2025/05/23 10:26 a.m. | 6 views

CVE-2024-42978

An issue in the handler function in /goform/telnet of Tenda FH1206 v02.03.01.35 allows attackers to execute arbitrary commands via a crafted HTTP request...

CVSS 9.8 | AI score 7.8 | EPSS 0.00491
Exploits 1
RedhatCVE
added 2025/05/22 11:49 p.m. | 7 views

CVE-2022-42978

In the Netic User Export add-on before 1.3.5 for Atlassian Confluence, authorization is mishandled. An unauthenticated attacker could access files on the remote system...

CVSS 7.5 | AI score 7.2 | EPSS 0.01101
Exploits 1 | References 1
Circl
added 2024/08/15 8:09 p.m. | 1 views

CVE-2024-42978

creationtimestamp | type | source
---|---|---
2024-08-15 20:09:04+00:00 | seen | https://t.me/cvedetector/3261...

CVSS 9.8 | AI score 4.8 | EPSS 0.00491
Exploits 1 | References 1
CVE
added 2024/08/15 12:00 a.m. | 60 views

CVE-2024-42978

CVE-2024-42978 affects the Tenda FH1206 router (version v02.03.01.35). The vulnerability lies in the handler function for /goform/telnet, where insufficient input sanitization allows remote attackers to execute arbitrary commands via a crafted HTTP request. CVSS v3.1 base score 9.8 (CRITICAL) wit...

CVSS 9.8 | AI score 7.7 | EPSS 0.00491
Exploits 1 | References 1 | Affected Software 1
Cvelist
added 2022/11/15 12:00 a.m. | 15 views

CVE-2022-42978

In the Netic User Export add-on before 1.3.5 for Atlassian Confluence, authorization is mishandled. An unauthenticated attacker could access files on the remote system...

AI score 7.9 | EPSS 0.01101
Exploits 1 | References 1
Vulnrichment
added 2022/11/15 12:00 a.m. | 4 views

CVE-2022-42978

In the Netic User Export add-on before 1.3.5 for Atlassian Confluence, authorization is mishandled. An unauthenticated attacker could access files on the remote system...

AI score 7.2 | EPSS 0.01101
Exploits 1 | References 1
CVE
added 2022/11/15 12:00 a.m. | 65 views

CVE-2022-42978

The vulnerability CVE-2022-42978 affects the Netic User Export add-on for Atlassian Confluence prior to version 1.3.5. The root cause is mishandled authorization, allowing an unauthenticated attacker to access files on the remote system. Impact is unauthorized file access. Remediation: upgrade to...

CVSS 7.5 | AI score 7.6 | EPSS 0.01101
Exploits 1 | References 1 | Affected Software 1
CNVD
added 2021/06/07 12:00 a.m. | 7 views

XDcms suffers from SQL injection vulnerability (CNVD-2021-42978)

XDcms is a general purpose content management system. XDcms suffers from a SQL injection vulnerability, which can be exploited by an attacker to obtain sensitive database information...

AI score 7.7
Exploits 0