Lucene search
K

223 matches found

RedHat Linux
RedHat Linux
added 2020/10/27 12:58 p.m.3 views

jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.1CVSS7.1AI score0.08072EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2020/10/14 12:0 a.m.3 views

The vulnerability of the com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool component in the Jackson-databind library of the FasterXML project allows a attacker to execute arbitrary code.

The vulnerability of the com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool component in the Jackson-databind library of the FasterXML project is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability could allow a malicious actor to execute arbitrary co...

8.1CVSS7.4AI score0.08072EPSS
Exploits0References9Affected Software12
RedHat Linux
RedHat Linux
added 2020/07/29 6:21 a.m.4 views

jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.1CVSS7.1AI score0.08072EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/07/29 6:6 a.m.3 views

jackson-databind: serialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.1CVSS7.1AI score0.08607EPSS
Exploits0References4
OSV
OSV
added 2020/06/14 9:15 p.m.2 views

DEBIAN-CVE-2020-14060

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool aka apache/drill...

8.1CVSS7.1AI score0.08607EPSS
Exploits0References1
OSV
OSV
added 2020/06/14 9:15 p.m.8 views

UBUNTU-CVE-2020-14060

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool aka apache/drill...

8.1CVSS6.8AI score0.08607EPSS
Exploits0References5
OSV
OSV
added 2020/06/14 8:15 p.m.0 views

DEBIAN-CVE-2020-14062

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool aka xalan2...

8.1CVSS7.1AI score0.08072EPSS
Exploits0References1
OSV
OSV
added 2018/12/17 3:29 p.m.3 views

CVE-2018-19810

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 build 51029. The page "/VPortal/mgtconsole/GroupMove.jsp" has reflected XSS via the ConnPoolName, GroupId, or type parameter...

6.1CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2018/12/17 3:29 p.m.6 views

CVE-2018-19820

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 build 51029. The page "/VPortal/mgtconsole/Roles.jsp" has reflected XSS via the ConnPoolName parameter...

6.1CVSS5.8AI score0.01081EPSS
Exploits2References2
OSV
OSV
added 2018/12/17 3:29 p.m.6 views

CVE-2018-19649

XSS exists in InfoVista VistaPortal SE Version 5.1 build 51029. VPortal/mgtconsole/RolePermissions.jsp has reflected XSS via the ConnPoolName parameter...

6.1CVSS5.8AI score0.01058EPSS
Exploits2References2
OSV
OSV
added 2018/12/13 4:29 p.m.3 views

CVE-2018-13815

A vulnerability has been identified in SIMATIC S7-1200 All versions, SIMATIC S7-1500 All Versions V2.6. An attacker could exhaust the available connection pool of an affected device by opening a sufficient number of connections to the device. Successful exploitation requires an attacker to be abl...

7.5CVSS5.7AI score0.01799EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/12/13 4:0 p.m.25 views

CVE-2018-13815

A vulnerability has been identified in SIMATIC S7-1200 All versions, SIMATIC S7-1500 All Versions V2.6. An attacker could exhaust the available connection pool of an affected device by opening a sufficient number of connections to the device. Successful exploitation requires an attacker to be abl...

7.3AI score0.01799EPSS
Exploits0References2
CNVD
CNVD
added 2018/12/11 12:0 a.m.2 views

Infovista VistaPortal SE Cross-Site Scripting Vulnerability (CNVD-2019-07220)

Infovista VistaPortal SE is a Web-based application from Infovista USA. A cross-site scripting vulnerability exists in the /VPortal/mgtconsole/GroupMove.jsp page in Infovista VistaPortal SE version 5.1 build 51029, which can be exploited by a remote attacker to inject arbitrary Web code with the...

6.1CVSS6.3AI score0.01081EPSS
Exploits2References1
OSV
OSV
added 2018/11/09 5:49 p.m.22 views

GHSA-CFW5-V7CW-69CW Credential leak in org.apache.directory.api:apache-ldap-api

In Apache LDAP API before 1.0.2, a bug in the way the SSL Filter was setup made it possible for another thread to use the connection before the TLS layer has been established, if the connection has already been used and put back in a pool of connections, leading to leaking any information contain...

9.8CVSS9.3AI score0.0531EPSS
Exploits0References10
Prion
Prion
added 2018/07/10 1:29 p.m.11 views

Server side request forgery (ssrf)

In Apache Directory LDAP API before 1.0.2, a bug in the way the SSL Filter was setup made it possible for another thread to use the connection before the TLS layer has been established, if the connection has already been used and put back in a pool of connections, leading to leaking any informati...

5CVSS9.3AI score0.0531EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2018/07/10 1:29 p.m.5 views

CVE-2018-1337

In Apache Directory LDAP API before 1.0.2, a bug in the way the SSL Filter was setup made it possible for another thread to use the connection before the TLS layer has been established, if the connection has already been used and put back in a pool of connections, leading to leaking any informati...

9.8CVSS5.7AI score0.0531EPSS
Exploits0References8
Metasploit
Metasploit
added 2017/11/21 9:21 p.m.191 views

Slowloris Denial of Service Attack

Slowloris tries to keep many connections to the target web server open and hold them open as long as possible. It accomplishes this by opening connections to the target web server and sending a partial request. Periodically, it will send subsequent HTTP headers, adding to-but never completing-the...

7.1AI score
Exploits0
NVD
NVD
added 2017/04/11 2:59 p.m.13 views

CVE-2016-10259

Symantec SSL Visibility SSLV 3.8.4FC, 3.9, 3.10 before 3.10.4.1, and 3.11 before 3.11.3.1 is susceptible to a denial-of-service vulnerability that impacts the SSL servers for intercepted SSL connections. A malicious SSL client can, under certain circumstances, temporarily exhaust the TCP connecti...

5.9CVSS5.7AI score0.01453EPSS
Exploits0References3
OSV
OSV
added 2017/04/11 2:59 p.m.4 views

CVE-2016-10259

Symantec SSL Visibility SSLV 3.8.4FC, 3.9, 3.10 before 3.10.4.1, and 3.11 before 3.11.3.1 is susceptible to a denial-of-service vulnerability that impacts the SSL servers for intercepted SSL connections. A malicious SSL client can, under certain circumstances, temporarily exhaust the TCP connecti...

5.9CVSS5.8AI score0.01453EPSS
Exploits0References3
Prion
Prion
added 2017/04/11 2:59 p.m.14 views

Denial of service

Symantec SSL Visibility SSLV 3.8.4FC, 3.9, 3.10 before 3.10.4.1, and 3.11 before 3.11.3.1 is susceptible to a denial-of-service vulnerability that impacts the SSL servers for intercepted SSL connections. A malicious SSL client can, under certain circumstances, temporarily exhaust the TCP connecti...

4.3CVSS7AI score0.01453EPSS
Exploits0References3Affected Software4
Rows per page
Query Builder