1043 matches found
CVE-2019-19499
Grafana = 6.4.3 has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source configurations...
CVE-2019-19499
Grafana
CVE-2020-24616
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource aka Anteros-DBCP...
UBUNTU-CVE-2020-24616
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource aka Anteros-DBCP...
Description of the security update for SharePoint Server 2019: July 14, 2020
Description of the security update for SharePoint Server 2019: July 14, 2020 Note: After you install this update, the default setting for a trusted data source and trusted content locations in PerformancePoint Services will change from trust all to trust none. For more information, see KB 4571413...
CVE-2020-12725
Havoc Research discovered an authenticated Server-Side Request Forgery SSRF via the "JSON" data source of Redash open-source 8.0.0 and prior. Possibly, other connectors are affected. The SSRF is potent and provides a lot of flexibility in terms of being able to craft HTTP requests e.g., by adding...
Server side request forgery (ssrf)
Havoc Research discovered an authenticated Server-Side Request Forgery SSRF via the "JSON" data source of Redash open-source 8.0.0 and prior. Possibly, other connectors are affected. The SSRF is potent and provides a lot of flexibility in terms of being able to craft HTTP requests e.g., by adding...
CVE-2020-12725
Havoc Research discovered an authenticated Server-Side Request Forgery SSRF via the "JSON" data source of Redash open-source 8.0.0 and prior. Possibly, other connectors are affected. The SSRF is potent and provides a lot of flexibility in terms of being able to craft HTTP requests e.g., by adding...
PT-2020-13229 · Redash · Redash
Name of the Vulnerable Software and Affected Versions: Redash open-source versions 8.0.0 and prior Description: An authenticated Server-Side Request Forgery SSRF was discovered via the JSON data source. This issue provides flexibility in crafting HTTP requests, such as adding headers and selectin...
CVE-2020-0115
creationtimestamp| type| source ---|---|--- 2020-06-10 22:55:32+00:00| seen| https://t.me/cibsecurity/12660...
jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariDataSource gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...
Design/Logic Flaw
The report generator component of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that...
CVE-2020-9410 TIBCO JasperReports Library
The report generator component of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that...
CVE-2020-9410
The CVE-2020-9410 issue affects TIBCO JasperReports components (Library, ActiveMatrix BPM variants, Server variants) and is caused by insufficient input validation leading to HTML injection in the report output. This can let a remote attacker who views a maliciously crafted report execute scripts...
PT-2020-4877 · Tibco Software · Tibco Jasperreports Server For Aws Marketplace +5
Name of the Vulnerable Software and Affected Versions: TIBCO JasperReports Library versions 7.1.1 and below, 7.2.0, 7.2.1, 7.3.0, 7.5.0 TIBCO JasperReports Library for ActiveMatrix BPM versions 7.1.1 and below TIBCO JasperReports Server versions 7.1.1 and below, 7.2.0, 7.5.0 TIBCO JasperReports...
jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariDataSource gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...
jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariDataSource gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...
CVE-2020-6202
SAP NetWeaver Application Server Java User Management Engine, versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; does not sufficiently validate the LDAP data source configuration XML document accepted from an untrusted source, leading to Missing XML Validation...
CVE-2020-6202
SAP NetWeaver Application Server Java User Management Engine, versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; does not sufficiently validate the LDAP data source configuration XML document accepted from an untrusted source, leading to Missing XML Validation...
CVE-2020-6202
SAP NetWeaver Application Server Java User Management Engine, versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; does not sufficiently validate the LDAP data source configuration XML document accepted from an untrusted source, leading to Missing XML Validation...