71 matches found
Unity Linux 20.1060e / 20.1070e Security Update: jackson-databind (UTSA-2026-017603)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017603 advisory. FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...
EUVD-2019-0709
Malware in sbrugna...
EUVD-2021-2527
Malware in sbrugna...
VulnCheck KEV: CVE-2020-9548
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig aka anteros-core...
Security Bulletin: Apache commons-dbcp vulnerability affects watsonx.data
Summary Apache commons-dbcp could allow a remote authenticated attacker from within the local network to obtain sensitive information, caused by an error if a BasicDataSource is created with jmxName set. By using JMXBean, an attacker could exploit this vulnerability to expose/export the password...
Security Bulletin: There is a vulnerability in Apache commons-dbcp used by IBM Jazz Reporting Service
Summary There is a vulnerability in Apache commons-dbcp used by IBM Jazz Reporting ServiceJRS. This vulnerabiliity is addressed in JRS by upgrading to a version of Apache commons-dbcp that resolves the issue. Vulnerability Details IBM X-Force ID: 217222 DESCRIPTION: Apache commons-dbcp could allo...
Oracle Linux 8 : pki-core:10.6 / and / pki-deps:10.6 (ELSA-2020-1644)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1644 advisory. - A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a...
com.hcl.commerce:commerce-search-processors (>=9.1.14.0 <=9.1.15.0), org.apache.nifi.minifi:minifi-assembly (>=1.22.0 <=1.23.0) +153 more potentially affected by CVE-2023-40037 via org.apache.nifi:nifi-dbcp-service-api (>=1.21.0 <=1.23.0)
org.apache.nifi:nifi-dbcp-service-api MAVEN version =1.21.0, =9.1.14.0, =1.22.0, =1.22.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.23.0 and more Source cves: CVE-2023-40037 Source advisory: OSV:GHSA-23QF-3JF9-H3Q9...
org.apache.nifi.minifi:minifi-assembly (>=1.22.0 <=1.23.0), org.apache.nifi:nifi-dbcp-service (>=1.21.0 <=1.23.0) +4 more potentially affected by CVE-2023-40037 via org.apache.nifi:nifi-dbcp-base (>=1.21.0 <=1.23.0)
org.apache.nifi:nifi-dbcp-base MAVEN version =1.21.0, =1.22.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.23.0 Source cves: CVE-2023-40037 Source advisory: OSV:GHSA-23QF-3JF9-H3Q9...
org.apache.nifi.minifi:minifi-assembly (=1.22.0), org.apache.nifi:nifi-dbcp-service-nar (>=1.16.0 <=1.22.0) +1 more potentially affected by CVE-2023-36542 via org.apache.nifi:nifi-hikari-dbcp-service (>=1.16.0 <=1.22.0)
org.apache.nifi:nifi-hikari-dbcp-service MAVEN version =1.16.0, =1.16.0, =1.16.0, =1.18.0 Source cves: CVE-2023-36542 Source advisory: OSV:GHSA-R969-8V3H-23V9...
com.drunkendev:nifi-drunken-nar (=1.0.0), org.apache.nifi.minifi:minifi-assembly (=1.22.0) +6 more potentially affected by CVE-2023-36542 via org.apache.nifi:nifi-dbcp-service (>=0.2.0-incubating <=1.22.0)
org.apache.nifi:nifi-dbcp-service MAVEN version =0.2.0-incubating, =0.2.0-incubating, =1.16.0, =1.16.0, =1.0.0, =0.2.2, =0.2.2, =0.2.3 Source cves: CVE-2023-36542 Source advisory: OSV:GHSA-R969-8V3H-23V9...
org.apache.nifi:nifi-hadoop-dbcp-service-nar (>=1.12.0 <=1.22.0) potentially affected by CVE-2023-36542 via org.apache.nifi:nifi-hadoop-dbcp-service (>=1.12.0 <=1.22.0)
org.apache.nifi:nifi-hadoop-dbcp-service MAVEN version =1.12.0, =1.12.0, =1.22.0 Source cves: CVE-2023-36542 Source advisory: OSV:GHSA-R969-8V3H-23V9...
org.apache.nifi:nifi-dbcp-service-nar (>=1.16.0 <=1.21.0), org.apache.nifi:nifi-snowflake-services-nar (>=1.16.0 <=1.18.0) potentially affected by CVE-2023-34468 via org.apache.nifi:nifi-hikari-dbcp-service (>=1.16.0 <=1.21.0)
org.apache.nifi:nifi-hikari-dbcp-service MAVEN version =1.16.0, =1.16.0, =1.16.0, =1.18.0 Source cves: CVE-2023-34468 Source advisory: OSV:GHSA-XM2M-2Q6H-22JW...
com.drunkendev:nifi-drunken-nar (=1.0.0), org.apache.nifi:nifi-snowflake-services-nar (>=1.16.0 <=1.18.0) potentially affected by CVE-2023-34468 via org.apache.nifi:nifi-dbcp-service-nar (>=1.16.0 <=1.1.0)
org.apache.nifi:nifi-dbcp-service-nar MAVEN version =1.16.0, =1.16.0, =1.18.0 Source cves: CVE-2023-34468 Source advisory: OSV:GHSA-XM2M-2Q6H-22JW...
org.apache.nifi:nifi-dbcp-service (>=1.19.0 <=1.21.0), org.apache.nifi:nifi-dbcp-service-nar (>=1.19.0 <=1.21.0) +3 more potentially affected by CVE-2023-34468 via org.apache.nifi:nifi-dbcp-base (>=1.19.0 <=1.21.0)
org.apache.nifi:nifi-dbcp-base MAVEN version =1.19.0, =1.19.0, =1.19.0, =1.19.0, =1.19.0, =1.19.0, =1.21.0 Source cves: CVE-2023-34468 Source advisory: OSV:GHSA-XM2M-2Q6H-22JW...
PT-2023-5586 · Apache · Apache Nifi
Name of the Vulnerable Software and Affected Versions: Apache NiFi versions 0.0.2 through 1.21.0 Description: The issue in Apache NiFi is related to the DBCPConnectionPool and HikariCPConnectionPool Controller Services, which allow an authenticated and authorized user to configure a Database URL...
Security Bulletin: IBM InfoSphere Information Server is affected but not classified as vulnerable to a vulnerability in Apache commons-dbcp
Summary A vulnerability in Apache commons-dbcp used by InfoSphere Information Server was addressed. Vulnerability Details IBM X-Force ID: 217222 DESCRIPTION: Apache commons-dbcp could allow a remote authenticated attacker from within the local network to obtain sensitive information, caused by an...
SUSE CVE-2019-16942
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the commons-dbcp 1.4 jar in the classpath, and an attacker can find a...
SUSE CVE-2020-24616
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource aka Anteros-DBCP...
Code Injection in jackson-databind
This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource aka Anteros-DBCP...