1036 matches found
CVE-2020-12725
Havoc Research discovered an authenticated Server-Side Request Forgery SSRF via the "JSON" data source of Redash open-source 8.0.0 and prior. Possibly, other connectors are affected. The SSRF is potent and provides a lot of flexibility in terms of being able to craft HTTP requests e.g., by adding...
PT-2020-13229 · Redash · Redash
Name of the Vulnerable Software and Affected Versions: Redash open-source versions 8.0.0 and prior Description: An authenticated Server-Side Request Forgery SSRF was discovered via the JSON data source. This issue provides flexibility in crafting HTTP requests, such as adding headers and selectin...
CVE-2020-0115
creationtimestamp| type| source ---|---|--- 2020-06-10 22:55:32+00:00| seen| https://t.me/cibsecurity/12660...
jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariDataSource gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...
Design/Logic Flaw
The report generator component of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that...
CVE-2020-9410
The CVE-2020-9410 issue affects TIBCO JasperReports components (Library, ActiveMatrix BPM variants, Server variants) and is caused by insufficient input validation leading to HTML injection in the report output. This can let a remote attacker who views a maliciously crafted report execute scripts...
CVE-2020-9410 TIBCO JasperReports Library
The report generator component of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that...
PT-2020-4877 · Tibco Software · Tibco Jasperreports Server For Aws Marketplace +5
Name of the Vulnerable Software and Affected Versions: TIBCO JasperReports Library versions 7.1.1 and below, 7.2.0, 7.2.1, 7.3.0, 7.5.0 TIBCO JasperReports Library for ActiveMatrix BPM versions 7.1.1 and below TIBCO JasperReports Server versions 7.1.1 and below, 7.2.0, 7.5.0 TIBCO JasperReports...
jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariDataSource gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...
jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariDataSource gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...
CVE-2020-6202
SAP NetWeaver Application Server Java User Management Engine, versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; does not sufficiently validate the LDAP data source configuration XML document accepted from an untrusted source, leading to Missing XML Validation...
CVE-2020-6202
SAP NetWeaver Application Server Java User Management Engine, versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; does not sufficiently validate the LDAP data source configuration XML document accepted from an untrusted source, leading to Missing XML Validation...
CVE-2020-6202
SAP NetWeaver Application Server Java User Management Engine, versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; does not sufficiently validate the LDAP data source configuration XML document accepted from an untrusted source, leading to Missing XML Validation...
jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariDataSource gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...
PT-2020-10171 · Grafana +4 · Grafana +4
Name of the Vulnerable Software and Affected Versions: Grafana versions 6.4.3 and earlier Description: The issue allows an authenticated attacker with privileges to modify data source configurations to read arbitrary files. This can be exploited by an attacker who has the necessary permissions to...
The vulnerability in the `createImageBitmap` function of Firefox browsers, Firefox ESR, and the Thunderbird email client, related to a data source confirmation error, allows attackers to disclose protected information.
The vulnerability of the createImageBitmap function in Firefox, Firefox ESR, and the Thunderbird email client involves reading images from various sources, which violates the company’s policies. Exploiting this vulnerability can allow an attacker to disclose protected information remotely...
The vulnerability of the Firefox browser’s Upgrade-Insecure-Requests specification, related to a data source confirmation error, allows a hacker to access confidential data and compromise its integrity.
The vulnerability of the Upgrade-Insecure-Requests specification in the Firefox browser is related to a data source confirmation error. Exploiting this vulnerability can allow an attacker to gain access to confidential data and compromise its integrity...
jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariDataSource gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...
jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariDataSource gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...
jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariDataSource gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...