33 matches found
Hibernate Reactive security vulnerability
Hibernate Reactive is a reactive API interface provided by the Hibernate company. There is a security vulnerability in Hibernate Reactive, which stems from the ability of remote clients to prematurely close HTTP connections. This could lead to the leakage of database connection pools, potentially...
Improper Resource Shutdown or Release
Overview org.jenkins-ci.main:cli is a Command line interface for Jenkins. Affected versions of this package are vulnerable to Improper Resource Shutdown or Release via the HTTP-based CLI connections. An attacker can cause the service to become unavailable by sending corrupted connection streams,...
EUVD-2025-37393
Summer Pearl Group Vacation Rental Management Platform prior to 1.0.2 is susceptible to a Slowloris-style Denial-of-Service DoS condition in the HTTP connection handling layer, where an attacker that opens and maintains many slow or partially-completed HTTP connections can exhaust the server’s...
CVE-2025-63561
Summer Pearl Group Vacation Rental Management Platform prior to 1.0.2 is susceptible to a Slowloris-style Denial-of-Service DoS condition in the HTTP connection handling layer, where an attacker that opens and maintains many slow or partially-completed HTTP connections can exhaust the server’s...
CVE-2025-20268
CVE-2025-20268 describes a vulnerability in Cisco Secure Firewall Threat Defense (FTD) Software’s Geolocation-Based Remote Access (RA) VPN feature. An unauthenticated, remote attacker could bypass configured HTTP access policies based on country/region due to incomplete URL parsing, enabling acce...
CentOS 8 : libreoffice (CESA-2023:0089)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:0089 advisory. - libreoffice: Execution of Untrusted Macros Due to Improper Certificate Validation CVE-2022-26305 - libreoffice: Static Initialization Vector Allows t...
undertow: Server identity in https connection is not checked by the undertow client
A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. This is a compulsory step that should at least be performed by default in HTTPS and in http/2...
SUSE CVE-2016-7098
Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open...
libreoffice: Static Initialization Vector Allows to Recover Passwords for Web Connections Without Knowing the Master Password
A flaw was found in LibreOffice, where the required initialization vector for encryption was always the same. Stored passwords are encrypted with a single master key provided by the user. This issue weakens the security of the encryption, making them vulnerable if an attacker has access to the...
RHEL 8 : libreoffice (RHSA-2023:0089)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0089 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor...
CVE-2022-3480
A remote, unauthenticated attacker could cause a denial-of-service of PHOENIX CONTACT FL MGUARD and TC MGUARD devices below version 8.9.0 by sending a larger number of unauthenticated HTTPS connections originating from different source IP’s. Configuring firewall limits for incoming connections...
CVE-2022-33321
Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE, HEMS adapter, Wi-Fi Interface, Air Conditioning, Induction hob, Mitsubishi Electric...
Ubuntu: Security Advisory (USN-5694-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2022-37437
When using Ingest Actions to configure a destination that resides on Amazon Simple Storage Service S3 in Splunk Web, TLS certificate validation is not correctly performed and tested for the destination. The vulnerability only affects connections between Splunk Enterprise and an Ingest Actions...
Design/Logic Flaw
Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where the required initialization vector for encryption was always the same...
CVE-2022-37400 Apache OpenOffice Static Initialization Vector Allows to Recover Passwords for Web Connections Without Knowing the Master Password
Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where the required initialization vector for encryption was always the same...
CVE-2022-26306
LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same which...
CVE-2022-26306
LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same which...
CVE-2022-26306
LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same which...
LibreOffice 安全漏洞
LibreOffice is an open source office software suite from The Document Foundation tdf. The product includes the Writer text documents, Calc spreadsheets and Impress presentations applications. A security vulnerability exists in LibreOffice version 7.2 up to and including version 7.2.7, and version...