1043 matches found
jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariDataSource gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...
PT-2020-10171 · Grafana +4 · Grafana +4
Name of the Vulnerable Software and Affected Versions: Grafana versions 6.4.3 and earlier Description: The issue allows an authenticated attacker with privileges to modify data source configurations to read arbitrary files. This can be exploited by an attacker who has the necessary permissions to...
The vulnerability in the `createImageBitmap` function of Firefox browsers, Firefox ESR, and the Thunderbird email client, related to a data source confirmation error, allows attackers to disclose protected information.
The vulnerability of the createImageBitmap function in Firefox, Firefox ESR, and the Thunderbird email client involves reading images from various sources, which violates the company’s policies. Exploiting this vulnerability can allow an attacker to disclose protected information remotely...
The vulnerability of the Firefox browser’s Upgrade-Insecure-Requests specification, related to a data source confirmation error, allows a hacker to access confidential data and compromise its integrity.
The vulnerability of the Upgrade-Insecure-Requests specification in the Firefox browser is related to a data source confirmation error. Exploiting this vulnerability can allow an attacker to gain access to confidential data and compromise its integrity...
jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariDataSource gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...
jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariDataSource gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...
jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariDataSource gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...
The vulnerability of the SharedPoolDataSource and PerUserPoolDataSource components of the Jackson-databind library in the FasterXML project allows a malicious actor to gain unauthorized access to information or cause service failures.
The vulnerability of the SharedPoolDataSource and PerUserPoolDataSource components of the Jackson-databind library in the FasterXML project is related to a lack of mechanisms for verifying input data. Exploiting this vulnerability could allow an attacker to gain unauthorized access to information...
The vulnerability of the implementation of the polymorphic data typing mechanism in the jackson-databind library allows a attacker to execute malicious loads.
The vulnerability of the Jackson-Databind library’s polymorphic data typing mechanism is related to deficiencies in input data processing. Exploiting this vulnerability could allow a malicious actor to execute malicious operations using the com.p6spy.engine.spy.P6DataSource class...
CVE-2019-17335
The CVE-2019-17335 issue affects TIBCO Spotfire Analytics Platform for AWS Marketplace (v10.6.0) and TIBCO Spotfire Server (7.11.7 and older; 7.12.0–7.14.0; 10.0.0–10.6.0). The data access layer could allow an attacker with library save privileges to access data cached from a data source or part ...
The vulnerability of the FasterXML function (com.zaxxer.hikari.HikariDataSource) in the Jackson-Databind JSON file parsing library allows a attacker to gain full control over the system.
The vulnerability of the FasterXML function com.zaxxer.hikari.HikariDataSource in the Jackson-Databind JSON parsing library involves memory corruption due to the incorrect structure of data being restored. Exploiting this vulnerability could allow an attacker to gain full control over the system...
OWOX, Inc.: The URL in "Choose a data source'' at "https://bi.owox.com/ui/settings/connected-services/setup/" is not filtered => reflected XSS.
Hi team, This is another report with 732987. Because it is completely independent Detail -- In the process of selecting the data source at https://bi.owox.com/ui/settings/connected-services/setup/, I found a reflected XSS. Specifically, when you click on Google Analytics, a page will appear for y...
CVE-2019-15635
An issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana e.g., MySQL are not encrypted. An admin user can reveal passwords for any data source by pressing the "Save and test" button within a data source's settings menu. When watching the transaction with Burp Proxy, th...
DEBIAN-CVE-2019-16943
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the p6spy 3.8.6 jar in the classpath, and an attacker can find an RMI...
DEBIAN-CVE-2019-16942
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the commons-dbcp 1.4 jar in the classpath, and an attacker can find a...
UBUNTU-CVE-2019-16942
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the commons-dbcp 1.4 jar in the classpath, and an attacker can find a...
GHSA-85CW-HJ65-QQV9 Polymorphic Typing issue in FasterXML jackson-databind
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10, 2.8.11.5, and 2.6.7.3. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540...
CVE-2019-15635
An issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana e.g., MySQL are not encrypted. An admin user can reveal passwords for any data source by pressing the "Save and test" button within a data source's settings menu. When watching the transaction with Burp Proxy, th...
CVE-2019-15635
An issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana e.g., MySQL are not encrypted. An admin user can reveal passwords for any data source by pressing the "Save and test" button within a data source's settings menu. When watching the transaction with Burp Proxy, th...
CVE-2019-15635
An issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana e.g., MySQL are not encrypted. An admin user can reveal passwords for any data source by pressing the "Save and test" button within a data source's settings menu. When watching the transaction with Burp Proxy, th...