DEBIAN-CVE-2020-36185

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource...

UBUNTU-CVE-2020-36187

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource...

PT-2021-3168 · Apache +3 · Apache Tomcat +3

Name of the Vulnerable Software and Affected Versions: FasterXML jackson-databind versions 2.x before 2.9.10.8 Description: The issue is related to the interaction between serialization gadgets and typing, specifically involving the org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource...

DEBIAN-CVE-2020-35491

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource...

Design/Logic Flaw

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource...

FasterXML jackson-databind code issue vulnerability

FasterXML jackson-databind is a JAVA-based library that can convert data formats such as XML and JSON to JAVA objects. jackson-databind can easily convert Java objects to json objects and xml documents, and likewise convert json, xml to Java objects. A code issue vulnerability exists in versions...

Information Disclosure

DBI module is vulnerable to information disclosure. Local attackers could open files from folders other than those specifically passed via the fdir attribute in the data source name DSN...

CVE-2020-25463

creationtimestamp| type| source ---|---|--- 2020-12-04 20:27:15+00:00| seen| https://t.me/cibsecurity/17161...

OPENSUSE-SU-2020:2051-1 Security update for perl-DBI

This update for perl-DBI fixes the following issues: - DBD::File drivers could open files from folders other than those specifically passed via the fdir attribute in the data source name DSN. bsc1176492, CVE-2014-10401, CVE-2014-10402 This update was imported from the SUSE:SLE-15:Update update...

The vulnerability of Microsoft SharePoint Server, Microsoft SharePoint Foundation, and Microsoft SharePoint Enterprise Server programs relates to a data source validation error, allowing an attacker to execute arbitrary code.

The vulnerability of Microsoft SharePoint Server, Microsoft SharePoint Foundation, and Microsoft SharePoint Enterprise Server is related to a data source validation error. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

CVE-2020-27625

creationtimestamp| type| source ---|---|--- 2020-11-16 18:37:46+00:00| seen| https://t.me/cibsecurity/16359...

grafana: XSS via the OpenTSDB datasource

A flaw was found in grafana Tag value XSS via the OpenTSDB datasource are possible. The highest threat from this vulnerability is to data confidentiality and integrity...

grafana: arbitrary file read via MySQL data source

Grafana has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source configurations...

Moderate: grafana security, bug fix, and enhancement update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. The following packages have been upgraded to a later upstream version: grafana 6.7.4. BZ1807323 Security Fixes: grafana: XSS vulnerability via a column style on the "Dashboard Table Panel...

UBUNTU-CVE-2020-24303

Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource...

Yandex Browser Access Control Error Vulnerability

Yandex Browser is a desktop version of the web browser from the Russian company Yandex. Yandex Browser suffers from a security vulnerability that originates from a critical information vulnerability incorrectly displayed in the user interface UI on the address bar, which can be exploited by an...

Yandex Browser Information Disclosure Vulnerability

Yandex Browser is a desktop version of the web browser from the Russian company Yandex. Yandex Browser suffers from an information disclosure vulnerability that originates from a critical information vulnerability that is incorrectly displayed in the user interface UI on the address bar, which ca...

CVE-2020-7370

User Interface UI Misrepresentation of Critical Information vulnerability in the address bar of Danyil Vasilenko's Bolt Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects the Bolt Browser version 1.4 and prior versions...

CVE-2020-7363

User Interface UI Misrepresentation of Critical Information vulnerability in the address bar of UCWeb's UC Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects UCWeb's UC Browser version 13.0.8 and prior versions...

CVE-2020-7364

User Interface UI Misrepresentation of Critical Information vulnerability in the address bar of UCWeb's UC Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects UCWeb's UC Browser version 13.0.8 and prior versions...