1053 matches found
jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariDataSource gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...
Design/Logic Flaw
The report generator component of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that...
CVE-2020-9410 TIBCO JasperReports Library
The report generator component of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that...
CVE-2020-9410
The CVE-2020-9410 issue affects TIBCO JasperReports components (Library, ActiveMatrix BPM variants, Server variants) and is caused by insufficient input validation leading to HTML injection in the report output. This can let a remote attacker who views a maliciously crafted report execute scripts...
PT-2020-4877 · Tibco Software · Tibco Jasperreports Server For Aws Marketplace +5
Name of the Vulnerable Software and Affected Versions: TIBCO JasperReports Library versions 7.1.1 and below, 7.2.0, 7.2.1, 7.3.0, 7.5.0 TIBCO JasperReports Library for ActiveMatrix BPM versions 7.1.1 and below TIBCO JasperReports Server versions 7.1.1 and below, 7.2.0, 7.5.0 TIBCO JasperReports...
jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariDataSource gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...
jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariDataSource gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...
CVE-2020-6202
SAP NetWeaver Application Server Java User Management Engine, versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; does not sufficiently validate the LDAP data source configuration XML document accepted from an untrusted source, leading to Missing XML Validation...
CVE-2020-6202
SAP NetWeaver Application Server Java User Management Engine, versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; does not sufficiently validate the LDAP data source configuration XML document accepted from an untrusted source, leading to Missing XML Validation...
CVE-2020-6202
SAP NetWeaver Application Server Java User Management Engine, versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; does not sufficiently validate the LDAP data source configuration XML document accepted from an untrusted source, leading to Missing XML Validation...
jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariDataSource gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...
PT-2020-10171 · Grafana +4 · Grafana +4
Name of the Vulnerable Software and Affected Versions: Grafana versions 6.4.3 and earlier Description: The issue allows an authenticated attacker with privileges to modify data source configurations to read arbitrary files. This can be exploited by an attacker who has the necessary permissions to...
The vulnerability in the `createImageBitmap` function of Firefox browsers, Firefox ESR, and the Thunderbird email client, related to a data source confirmation error, allows attackers to disclose protected information.
The vulnerability of the createImageBitmap function in Firefox, Firefox ESR, and the Thunderbird email client involves reading images from various sources, which violates the company’s policies. Exploiting this vulnerability can allow an attacker to disclose protected information remotely...
The vulnerability of the Firefox browser’s Upgrade-Insecure-Requests specification, related to a data source confirmation error, allows a hacker to access confidential data and compromise its integrity.
The vulnerability of the Upgrade-Insecure-Requests specification in the Firefox browser is related to a data source confirmation error. Exploiting this vulnerability can allow an attacker to gain access to confidential data and compromise its integrity...
jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariDataSource gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...
jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariDataSource gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...
jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariDataSource gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...
The vulnerability of the implementation of the polymorphic data typing mechanism in the jackson-databind library allows a attacker to execute malicious loads.
The vulnerability of the Jackson-Databind library’s polymorphic data typing mechanism is related to deficiencies in input data processing. Exploiting this vulnerability could allow a malicious actor to execute malicious operations using the com.p6spy.engine.spy.P6DataSource class...
The vulnerability of the SharedPoolDataSource and PerUserPoolDataSource components of the Jackson-databind library in the FasterXML project allows a malicious actor to gain unauthorized access to information or cause service failures.
The vulnerability of the SharedPoolDataSource and PerUserPoolDataSource components of the Jackson-databind library in the FasterXML project is related to a lack of mechanisms for verifying input data. Exploiting this vulnerability could allow an attacker to gain unauthorized access to information...
CVE-2019-17335
The CVE-2019-17335 issue affects TIBCO Spotfire Analytics Platform for AWS Marketplace (v10.6.0) and TIBCO Spotfire Server (7.11.7 and older; 7.12.0–7.14.0; 10.0.0–10.6.0). The data access layer could allow an attacker with library save privileges to access data cached from a data source or part ...