Lucene search

95 matches found

Debian
added 2019/05/21 12:59 p.m. · 135 views

[SECURITY] [DLA 1798-1] jackson-databind security update

Package: jackson-databind
Version: 2.4.2-2+deb8u6
CVE ID: CVE-2019-12086
Debian Bug: 929177

A Polymorphic Typing issue was discovered in jackson-databind, a JSON library for Java. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint...

CVSS 7.5 · AI score 8.5 · EPSS 0.21949
Exploits: 2

UbuntuCve
added 2019/05/17 5:29 p.m. · 26 views

CVE-2019-12086

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint, the service has the mysql-connector-java jar 8.0.14 or earlier in the classpath, and an...

CVSS 7.5 · AI score 6.8 · EPSS 0.21949
Exploits: 2 · References: 6

Prion
added 2019/05/17 5:29 p.m. · 27 views

Design/Logic Flaw

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint, the service has the mysql-connector-java jar 8.0.14 or earlier in the classpath, and an...

CVSS 5 · AI score 8 · EPSS 0.21949
Exploits: 2 · References: 41 · Affected Software: 2

NVD
added 2019/05/17 5:29 p.m. · 32 views

CVE-2019-12086

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint, the service has the mysql-connector-java jar 8.0.14 or earlier in the classpath, and an...

CVSS 7.5 · AI score 8.2 · EPSS 0.21949
Exploits: 2 · References: 41

OSV
added 2019/05/17 5:29 p.m. · 21 views

CVE-2019-12086

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint, the service has the mysql-connector-java jar 8.0.14 or earlier in the classpath, and an...

CVSS 7.5 · AI score 7.3
Exploits: 0 · References: 41

Cvelist
added 2019/05/17 4:57 p.m. · 36 views

CVE-2019-12086

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint, the service has the mysql-connector-java jar 8.0.14 or earlier in the classpath, and an...

AI score 8.2 · EPSS 0.21949
Exploits: 2 · References: 41

CVE
added 2019/05/17 4:57 p.m. · 355 views

CVE-2019-12086

CVE-2019-12086 involves a polymorphic typing issue in FasterXML jackson-databind 2.x prior to 2.9.9. When Default Typing is enabled for an externally exposed JSON endpoint and a victim service has mysql-connector-java (8.0.14 or earlier) on the classpath, an attacker can send a crafted JSON to re...

CVSS 7.5 · AI score 8.2 · EPSS 0.21949
Exploits: 2 · References: 41 · Affected Software: 1

Positive Technologies
added 2019/05/16 12:0 a.m. · 9 views

PT-2019-2927 · Mysql Server +4 · Mysql Connector/J +4

Name of the Vulnerable Software and Affected Versions: FasterXML jackson-databind versions 2.x before 2.9.9 Description: A Polymorphic Typing issue was discovered in FasterXML jackson-databind. When Default Typing is enabled for an externally exposed JSON endpoint and the service has the...

CVSS 10 · AI score 8 · EPSS 0.45205
Exploits: 10 · References: 245

Cvelist
added 2018/12/04 11:0 p.m. · 15 views

CVE-2018-17939

An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via the merge request JSON endpoint...

AI score 7.2 · EPSS 0.01166
Exploits: 1 · References: 2

CVE
added 2018/12/04 11:0 p.m. · 56 views

CVE-2018-17939

CVE-2018-17939 affects GitLab Community and Enterprise Edition 11.1.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. It is an information exposure via the merge request JSON endpoint, potentially allowing exposure of user-record data associated with discussions. Root cause: inform...

CVSS 7.5 · AI score 7.2 · EPSS 0.01166
Exploits: 1 · References: 2 · Affected Software: 1

OSV
added 2018/10/24 7:42 p.m. · 2 views

GHSA-XJRR-XV9M-4PW5 Improper Input Validation in alibaba:fastjson

parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is...

CVSS 9.8 · AI score 7.6 · EPSS 0.3897
Exploits: 2 · References: 7

myhack58
added 2018/03/14 12:0 a.m. · 112 views

How to exploit CSRF vulnerabilities on JSON endpoints - vulnerability warning - the black bar safety net

(CSRF + Flash + HTTP 307) = don't say you have “dead”! If you want to exploit a CSRF vulnerability in a JSON endpoint through a third-party, attacker-controlled server, I recommend a GitHub project called json-flash-csrf-poc [download]. Background story: In a recent penetration...

AI score 7.1
Exploits: 0

Hacker One
added 2018/02/28 8:16 a.m. · 15 views

New Relic: [NR Synthetics] Restricted user can view synthetics monitors and user permissions through .json endpoint at /permissions/securablemetadata/{GROUP ID}

This report is two reports in one, but I figured why create two reports when the root cause is essentially the same exact endpoint. Description: When a restricted user with no permissions to view synthetics monitors tries to navigate to the permissions settings within Synthetics...

AI score 0.1
Exploits: 0

Exploit DB
added 2017/03/06 12:0 a.m. · 40 views

Deluge Web UI 1.3.13 - Cross-Site Request Forgery

Remote code execution via CSRF vulnerability in the web UI of Deluge 1.3.13. Kyle Neideck, February 2017. Product: Deluge is a BitTorrent client available from http://deluge-torrent.org. Fix: Fixed in the public source code, but not in binary releases yet. See...

AI score 7.4
Exploits: 0

Openbugbounty
added 2016/11/09 10:21 p.m. · 6 views

relatos.emol.com XSS vulnerability

Vulnerable URL: http://relatos.emol.com/apps/relatos/json.php?f=goles=2785a=204b=23=prompt/OPENBUGBOUNTY/...

AI score 6.9
Exploits: 0