223 matches found
jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
The vulnerability of the com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool component in the Jackson-databind library of the FasterXML project allows a attacker to execute arbitrary code.
The vulnerability of the com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool component in the Jackson-databind library of the FasterXML project is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability could allow a malicious actor to execute arbitrary co...
jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
jackson-databind: serialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
DEBIAN-CVE-2020-14060
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool aka apache/drill...
UBUNTU-CVE-2020-14060
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool aka apache/drill...
DEBIAN-CVE-2020-14062
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool aka xalan2...
CVE-2018-19810
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 build 51029. The page "/VPortal/mgtconsole/GroupMove.jsp" has reflected XSS via the ConnPoolName, GroupId, or type parameter...
CVE-2018-19820
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 build 51029. The page "/VPortal/mgtconsole/Roles.jsp" has reflected XSS via the ConnPoolName parameter...
CVE-2018-19649
XSS exists in InfoVista VistaPortal SE Version 5.1 build 51029. VPortal/mgtconsole/RolePermissions.jsp has reflected XSS via the ConnPoolName parameter...
CVE-2018-13815
A vulnerability has been identified in SIMATIC S7-1200 All versions, SIMATIC S7-1500 All Versions V2.6. An attacker could exhaust the available connection pool of an affected device by opening a sufficient number of connections to the device. Successful exploitation requires an attacker to be abl...
CVE-2018-13815
A vulnerability has been identified in SIMATIC S7-1200 All versions, SIMATIC S7-1500 All Versions V2.6. An attacker could exhaust the available connection pool of an affected device by opening a sufficient number of connections to the device. Successful exploitation requires an attacker to be abl...
Infovista VistaPortal SE Cross-Site Scripting Vulnerability (CNVD-2019-07220)
Infovista VistaPortal SE is a Web-based application from Infovista USA. A cross-site scripting vulnerability exists in the /VPortal/mgtconsole/GroupMove.jsp page in Infovista VistaPortal SE version 5.1 build 51029, which can be exploited by a remote attacker to inject arbitrary Web code with the...
GHSA-CFW5-V7CW-69CW Credential leak in org.apache.directory.api:apache-ldap-api
In Apache LDAP API before 1.0.2, a bug in the way the SSL Filter was setup made it possible for another thread to use the connection before the TLS layer has been established, if the connection has already been used and put back in a pool of connections, leading to leaking any information contain...
Server side request forgery (ssrf)
In Apache Directory LDAP API before 1.0.2, a bug in the way the SSL Filter was setup made it possible for another thread to use the connection before the TLS layer has been established, if the connection has already been used and put back in a pool of connections, leading to leaking any informati...
CVE-2018-1337
In Apache Directory LDAP API before 1.0.2, a bug in the way the SSL Filter was setup made it possible for another thread to use the connection before the TLS layer has been established, if the connection has already been used and put back in a pool of connections, leading to leaking any informati...
Slowloris Denial of Service Attack
Slowloris tries to keep many connections to the target web server open and hold them open as long as possible. It accomplishes this by opening connections to the target web server and sending a partial request. Periodically, it will send subsequent HTTP headers, adding to-but never completing-the...
CVE-2016-10259
Symantec SSL Visibility SSLV 3.8.4FC, 3.9, 3.10 before 3.10.4.1, and 3.11 before 3.11.3.1 is susceptible to a denial-of-service vulnerability that impacts the SSL servers for intercepted SSL connections. A malicious SSL client can, under certain circumstances, temporarily exhaust the TCP connecti...
CVE-2016-10259
Symantec SSL Visibility SSLV 3.8.4FC, 3.9, 3.10 before 3.10.4.1, and 3.11 before 3.11.3.1 is susceptible to a denial-of-service vulnerability that impacts the SSL servers for intercepted SSL connections. A malicious SSL client can, under certain circumstances, temporarily exhaust the TCP connecti...
Denial of service
Symantec SSL Visibility SSLV 3.8.4FC, 3.9, 3.10 before 3.10.4.1, and 3.11 before 3.11.3.1 is susceptible to a denial-of-service vulnerability that impacts the SSL servers for intercepted SSL connections. A malicious SSL client can, under certain circumstances, temporarily exhaust the TCP connecti...