Lucene search

1036 matches found

BDU FSTEC
added 2019/12/22 12:00 a.m., 2 views

The vulnerability of the implementation of the polymorphic data typing mechanism in the jackson-databind library allows an attacker to execute malicious loads.

The vulnerability of the Jackson-Databind library’s polymorphic data typing mechanism is related to deficiencies in input data processing. Exploiting this vulnerability could allow a malicious actor to execute malicious operations using the com.p6spy.engine.spy.P6DataSource class...

10 CVSS, 5.6 AI score
Exploits: 0, References: 16, Affected Software: 26

BDU FSTEC
added 2019/12/22 12:00 a.m., 3 views

The vulnerability of the SharedPoolDataSource and PerUserPoolDataSource components of the Jackson-databind library in the FasterXML project allows a malicious actor to gain unauthorized access to information or cause service failures.

The vulnerability of the SharedPoolDataSource and PerUserPoolDataSource components of the Jackson-databind library in the FasterXML project is related to a lack of mechanisms for verifying input data. Exploiting this vulnerability could allow an attacker to gain unauthorized access to information...

9.8 CVSS, 7.1 AI score, 0.00415 EPSS
Exploits: 0, References: 5, Affected Software: 4

CVE
added 2019/12/17 8:55 p.m., 51 views

CVE-2019-17335

The CVE-2019-17335 issue affects TIBCO Spotfire Analytics Platform for AWS Marketplace (v10.6.0) and TIBCO Spotfire Server (7.11.7 and older; 7.12.0–7.14.0; 10.0.0–10.6.0). The data access layer could allow an attacker with library save privileges to access data cached from a data source or part ...

6.5 CVSS, 6.1 AI score, 0.00273 EPSS
Exploits: 0, References: 2, Affected Software: 2

BDU FSTEC
added 2019/11/19 12:00 a.m., 1 view

The vulnerability of the FasterXML function (com.zaxxer.hikari.HikariDataSource) in the Jackson-Databind JSON file parsing library allows an attacker to gain full control over the system.

The vulnerability of the FasterXML function com.zaxxer.hikari.HikariDataSource in the Jackson-Databind JSON parsing library involves memory corruption due to the incorrect structure of data being restored. Exploiting this vulnerability could allow an attacker to gain full control over the system...

9.8 CVSS, 6.9 AI score, 0.00651 EPSS
Exploits: 1, References: 11, Affected Software: 18

Hacker One
added 2019/11/09 10:23 a.m., 67 views

OWOX, Inc.: The URL in "Choose a data source" at "https://bi.owox.com/ui/settings/connected-services/setup/" is not filtered => reflected XSS.

Hi team, This is another report with 732987. Because it is completely independent Detail -- In the process of selecting the data source at https://bi.owox.com/ui/settings/connected-services/setup/, I found a reflected XSS. Specifically, when you click on Google Analytics, a page will appear for y...

6.2 AI score
Exploits: 0

RedhatCVE
added 2019/11/01 9:41 p.m., 35 views

CVE-2019-15635

An issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana e.g., MySQL are not encrypted. An admin user can reveal passwords for any data source by pressing the "Save and test" button within a data source's settings menu. When watching the transaction with Burp Proxy, th...

4.9 CVSS, 1.4 AI score, 0.00121 EPSS
Exploits: 0, References: 3

OSV
added 2019/10/01 5:15 p.m., 1 view

DEBIAN-CVE-2019-16942

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the commons-dbcp 1.4 jar in the classpath, and an attacker can find a...

9.8 CVSS, 7.5 AI score, 0.00415 EPSS
Exploits: 0, References: 1

OSV
added 2019/10/01 5:15 p.m., 0 views

DEBIAN-CVE-2019-16943

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the p6spy 3.8.6 jar in the classpath, and an attacker can find an RMI...

9.8 CVSS, 9.4 AI score, 0.01841 EPSS
Exploits: 0, References: 1

OSV
added 2019/10/01 5:15 p.m., 1 view

UBUNTU-CVE-2019-16942

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the commons-dbcp 1.4 jar in the classpath, and an attacker can find a...

9.8 CVSS, 7 AI score, 0.00415 EPSS
Exploits: 0, References: 6

OSV
added 2019/09/23 6:33 p.m., 0 views

GHSA-85CW-HJ65-QQV9 Polymorphic Typing issue in FasterXML jackson-databind

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10, 2.8.11.5, and 2.6.7.3. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540...

9.8 CVSS, 6.9 AI score, 0.00651 EPSS
Exploits: 1, References: 35

NVD
added 2019/09/23 5:15 p.m., 20 views

CVE-2019-15635

An issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana e.g., MySQL are not encrypted. An admin user can reveal passwords for any data source by pressing the "Save and test" button within a data source's settings menu. When watching the transaction with Burp Proxy, th...

4.9 CVSS, 5.1 AI score, 0.00121 EPSS
Exploits: 0, References: 2

OSV
added 2019/09/23 5:15 p.m., 22 views

CVE-2019-15635

An issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana e.g., MySQL are not encrypted. An admin user can reveal passwords for any data source by pressing the "Save and test" button within a data source's settings menu. When watching the transaction with Burp Proxy, th...

4.9 CVSS, 6.9 AI score
Exploits: 0, References: 2

OSV
added 2019/09/23 5:15 p.m., 0 views

UBUNTU-CVE-2019-15635

An issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana e.g., MySQL are not encrypted. An admin user can reveal passwords for any data source by pressing the "Save and test" button within a data source's settings menu. When watching the transaction with Burp Proxy, th...

4.9 CVSS, 5.8 AI score, 0.00121 EPSS
Exploits: 0, References: 3

UbuntuCve
added 2019/09/23 5:15 p.m., 22 views

CVE-2019-15635

An issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana e.g., MySQL are not encrypted. An admin user can reveal passwords for any data source by pressing the "Save and test" button within a data source's settings menu. When watching the transaction with Burp Proxy, th...

4.9 CVSS, 5.9 AI score, 0.00121 EPSS
Exploits: 0, References: 2

CVE
added 2019/09/23 4:37 p.m., 93 views

CVE-2019-15635

CVE-2019-15635 affects Grafana 5.4.0: passwords for data sources (e.g., MySQL) are stored unencrypted and can be exposed. An admin can reveal these credentials by using the Save and test button in a data source’s settings, watching the traffic, or using the browser’s Show password option. The con...

4.9 CVSS, 5 AI score, 0.00121 EPSS
Exploits: 0, References: 2, Affected Software: 1

Fedora
added 2019/09/14 1:54 a.m., 24 views

[SECURITY] Fedora 29 Update: sphinx-2.2.11-12.fc29

Sphinx is a full-text search engine, distributed under GPL version 2. Commercial licensing e.g. for embedded use is also available upon request. Generally, it's a standalone search engine, meant to provide fast, size-efficient and relevant full-text search functions to other applications. Sphinx...

7.5 CVSS, 0.4 AI score, 0.0074 EPSS
Exploits: 1

Cvelist
added 2019/08/28 3:46 p.m., 17 views

CVE-2019-13348

In Knowage through 6.1.1, an authenticated user who accesses the datasources page will gain access to any data source credentials in cleartext, which includes databases...

8.7 AI score, 0.01113 EPSS
Exploits: 1, References: 1

CVE
added 2019/08/28 3:46 p.m., 44 views

CVE-2019-13348

CVE-2019-13348 affects Knowage up to 6.1.1: an authenticated user who visits the datasources page can access data source credentials in cleartext (including database credentials). Multiple connected sources corroborate this vulnerability (NVD entry, Red Hat advisory, CNVD, OSV, CVE listings). Roo...

8.8 CVSS, 8.6 AI score, 0.01113 EPSS
Exploits: 1, References: 1, Affected Software: 1

GithubExploit
added 2019/08/12 7:17 a.m., 51 views

Exploit for Code Injection in Apache Solr

Declaration The vulnerability detection methods, documentat...

9 CVSS, 7.5 AI score, 0.93056 EPSS
Exploits: 3

Circl
added 2019/02/21 9:04 p.m., 5 views

CVE-2019-7089

creationtimestamp | type | source
---|---|---
2019-02-21 21:04:16+00:00 | seen | https://t.me/BleepingComputer/4507
2019-02-25 08:35:12+00:00 | seen | https://t.me/xakepru/5980
2019-05-24 19:48:22+00:00 | seen | https://t.me/cvemitreorg/345
2025-08-31 03:00:48+00:00 | seen | ...

7.8 CVSS, 7.2 AI score, 0.02167 EPSS
Exploits: 0, References: 3