CVE-2021-1870

creationtimestamp| type| source ---|---|--- 2021-01-27 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=543 2021-11-08 08:58:17+00:00| seen| MISP/f5030aca-7d5a-43a4-ae03-8f4ac8e85422 2021-11-20 09:53:52+00:00| seen| MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123 2023-12-05...

CVE-2021-1353

creationtimestamp| type| source ---|---|--- 2021-01-20 22:33:28+00:00| seen| https://t.me/cibsecurity/22456...

CVE-2021-21242

creationtimestamp| type| source ---|---|--- 2021-01-16 00:51:28+00:00| seen| https://t.me/cibsecurity/22233...

CVE-2021-3121

creationtimestamp| type| source ---|---|--- 2021-01-11 12:45:18+00:00| seen| https://t.me/cibsecurity/21896 2024-01-15 19:46:59+00:00| seen| https://t.me/arpsyndicate/2803...

DEBIAN-CVE-2020-36185

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource...

UBUNTU-CVE-2020-36187

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource...

PT-2021-3168

Name of the Vulnerable Software and Affected Versions FasterXML jackson-databind versions 2.x before 2.9.10.8 Description The issue is related to the interaction between serialization gadgets and typing, specifically involving the org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource...

DEBIAN-CVE-2020-35491

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource...

Design/Logic Flaw

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource...

FasterXML jackson-databind code issue vulnerability

FasterXML jackson-databind is a JAVA-based library that can convert data formats such as XML and JSON to JAVA objects. jackson-databind can easily convert Java objects to json objects and xml documents, and likewise convert json, xml to Java objects. A code issue vulnerability exists in versions...

Information Disclosure

DBI module is vulnerable to information disclosure. Local attackers could open files from folders other than those specifically passed via the fdir attribute in the data source name DSN...

CVE-2020-25463

creationtimestamp| type| source ---|---|--- 2020-12-04 20:27:15+00:00| seen| https://t.me/cibsecurity/17161...

OPENSUSE-SU-2020:2051-1 Security update for perl-DBI

This update for perl-DBI fixes the following issues: - DBD::File drivers could open files from folders other than those specifically passed via the fdir attribute in the data source name DSN. bsc1176492, CVE-2014-10401, CVE-2014-10402 This update was imported from the SUSE:SLE-15:Update update...

The vulnerability of Microsoft SharePoint Server, Microsoft SharePoint Foundation, and Microsoft SharePoint Enterprise Server programs relates to a data source validation error, allowing an attacker to execute arbitrary code.

The vulnerability of Microsoft SharePoint Server, Microsoft SharePoint Foundation, and Microsoft SharePoint Enterprise Server is related to a data source validation error. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

CVE-2020-27625

creationtimestamp| type| source ---|---|--- 2020-11-16 18:37:46+00:00| seen| https://t.me/cibsecurity/16359...

grafana: arbitrary file read via MySQL data source

Grafana has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source configurations...

grafana: XSS via the OpenTSDB datasource

A flaw was found in grafana Tag value XSS via the OpenTSDB datasource are possible. The highest threat from this vulnerability is to data confidentiality and integrity...

Moderate: grafana security, bug fix, and enhancement update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. The following packages have been upgraded to a later upstream version: grafana 6.7.4. BZ1807323 Security Fixes: grafana: XSS vulnerability via a column style on the "Dashboard Table Panel...

UBUNTU-CVE-2020-24303

Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource...

Yandex Browser Access Control Error Vulnerability

Yandex Browser is a desktop version of the web browser from the Russian company Yandex. Yandex Browser suffers from a security vulnerability that originates from a critical information vulnerability incorrectly displayed in the user interface UI on the address bar, which can be exploited by an...