Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

103 matches found

Prion
Prionadded 2022/12/01 6:15 p.m.17 views

Sql injection

A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA...

3.3CVSS4.7AI score0.00353EPSS
Exploits0References1Affected Software1
Prion
Prionadded 2022/12/01 6:15 p.m.13 views

Sql injection

A post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration database contents in the User Portal of Sophos Firewall releases older than version 19.5 GA...

4CVSS5.2AI score0.00462EPSS
Exploits0References1Affected Software1
Cvelist
Cvelistadded 2022/12/01 12:0 a.m.19 views

CVE-2022-3710

A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA...

2.7CVSS4.8AI score0.00353EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2022/12/01 12:0 a.m.6 views

CVE-2022-3710

A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA...

2.7CVSS7.7AI score0.00353EPSS
Exploits0References1
Veeam
Veeamadded 2022/10/27 12:0 a.m.16 views

How to Re-Initialize Veeam Backup for Salesforce Configuration Database Connection

Purpose This article documents how to change which account Veeam Backup for Salesforce uses to connect to its configuration database. Solution Scenario 1: Change Database Credentials When Existing Connection is Functioning This scenario assumes the current connection to the database is valid and...

6.6AI score
Exploits0Affected Software1
NCSC
NCSCadded 2022/08/15 12:0 a.m.1 views

Vulnerabilities fixed in apache OpenOffice

Apache Software Foundation has fixed vulnerabilities in OpenOffice. The vulnerabilities allow a malicious person with access to the system to retrieve user passwords stored in a user's configuration database. The vulnerabilities involve weak encryption on this configuration database. Apache has...

8.8CVSS7AI score0.00437EPSS
Exploits0
Cvelist
Cvelistadded 2022/08/13 6:40 a.m.24 views

CVE-2022-37401 Apache OpenOffice Weak Master Keys

Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where master key was poorly encoded resulting in weakening its entropy from...

8.7AI score0.00437EPSS
Exploits0References2
Cvelist
Cvelistadded 2022/08/13 6:40 a.m.14 views

CVE-2022-37400 Apache OpenOffice Static Initialization Vector Allows to Recover Passwords for Web Connections Without Knowing the Master Password

Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where the required initialization vector for encryption was always the same...

8.1AI score0.00135EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2022/08/13 12:0 a.m.1 views

PT-2022-23974 · Apache · Apache Openoffice +1

Name of the Vulnerable Software and Affected Versions: Apache OpenOffice versions prior to 4.1.13 Description: A flaw in Apache OpenOffice exists where the master key used for encrypting stored passwords is poorly encoded, reducing its entropy from 128 to 43 bits. This makes the stored passwords...

8.8CVSS8.5AI score0.00437EPSS
Exploits0References5
Tenable Nessus
Tenable Nessusadded 2022/08/03 12:0 a.m.98 views

LibreOffice < 7.2.7 / 7.3 < 7.3.3 Multiple Vulnerabilities (Windows)

According to its self-reported version, the LibreOffice application running on the remote host is prior to 7.2.7 or 7.3.3. It is, therefore, affected by multiple vulnerabilities: - LibreOffice supports the storage of passwords for web connections in the user's configuration database. The stored...

8.8CVSS8AI score0.0045EPSS
Exploits0References4
Tenable Nessus
Tenable Nessusadded 2022/08/03 12:0 a.m.43 views

LibreOffice < 7.2.7 / 7.3 < 7.3.3 Multiple Vulnerabilities (macOS)

According to its self-reported version, the LibreOffice application running on the remote host is prior to 7.2.7 or 7.3.3. It is, therefore, affected by multiple vulnerabilities: - LibreOffice supports the storage of passwords for web connections in the user's configuration database. The stored...

8.8CVSS8AI score0.0045EPSS
Exploits0References4
CNVD
CNVDadded 2022/07/27 12:0 a.m.29 views

LibreOffice encryption problem vulnerability

LibreOffice is an open source office software suite from The Document Foundation tdf. The product includes applications such as Writer text documents, Calc spreadsheets, and Impress presentations.LibreOffice is vulnerable to an encryption problem that stems from LibreOffice using weak...

7.5CVSS2.1AI score0.0045EPSS
Exploits0References1
OSV
OSVadded 2022/07/25 3:15 p.m.2 views

UBUNTU-CVE-2022-26307

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where master key was poorly encoded resulting in weakening its entropy from 128 t...

8.8CVSS7.3AI score0.00288EPSS
Exploits0References5
CNNVD
CNNVDadded 2022/07/25 12:0 a.m.1 views

LibreOffice 安全特征问题漏洞

LibreOffice is an open source office software suite from The Document Foundation tdf. The product includes applications such as Writer text documents, Calc spreadsheets, and Impress presentations.LibreOffice is vulnerable to an encryption problem that stems from LibreOffice using weak...

7.5CVSS5.6AI score0.0045EPSS
Exploits0References11
Debian CVE
Debian CVEadded 2022/07/25 12:0 a.m.45 views

CVE-2022-26307

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where master key was poorly encoded resulting in weakening its entropy from 128 t...

8.8CVSS8.6AI score0.00288EPSS
Exploits0
Cvelist
Cvelistadded 2022/07/25 12:0 a.m.24 views

CVE-2022-26307 Weak Master Keys

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where master key was poorly encoded resulting in weakening its entropy from 128 t...

8.7AI score0.00288EPSS
Exploits0References3
Cvelist
Cvelistadded 2022/05/17 11:21 a.m.13 views

CVE-2021-42644

cmseasy V7.7.520211012 is affected by an arbitrary file read vulnerability. After login, the configuration file information of the website such as the database configuration file config / configdatabase can be read through this vulnerability...

6.6AI score0.00356EPSS
Exploits1References1
Github Security Blog
Github Security Blogadded 2022/05/17 4:54 a.m.24 views

TYPO3 is vulnerable to Mass Assignment in the Extension table administration library

The creating record functionality in Extension table administration library feuseradminLib.inc in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration database table via crafted links, aka "Mass...

5.8CVSS7AI score0.00274EPSS
Exploits0References5Affected Software1
OSV
OSVadded 2022/05/17 4:54 a.m.20 views

GHSA-5FJ8-WH3G-QVQ2 TYPO3 is vulnerable to Mass Assignment in the Extension table administration library

The creating record functionality in Extension table administration library feuseradminLib.inc in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration database table via crafted links, aka "Mass...

5.8CVSS6.3AI score0.00274EPSS
Exploits0References5
FreeBSD
FreeBSDadded 2022/02/25 12:0 a.m.36 views

Apache OpenOffice -- master password vulnerabilities

The Apache Openoffice project reports: Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where the required initialization...

8.8CVSS3.4AI score0.0045EPSS
Exploits0References1
Rows per page
Query Builder