73 matches found
Unity Linux 20.1060e / 20.1070e Security Update: jackson-databind (UTSA-2026-017603)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017603 advisory. FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...
EUVD-2019-0709
Malware in sbrugna...
EUVD-2021-2527
Malware in sbrugna...
VulnCheck KEV: CVE-2020-9548
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig aka anteros-core...
Security Bulletin: Apache commons-dbcp vulnerability affects watsonx.data
Summary: Apache commons-dbcp could allow a remote authenticated attacker from within the local network to obtain sensitive information, caused by an error if a BasicDataSource is created with jmxName set. By using JMXBean, an attacker could exploit this vulnerability to expose/export the password...
Security Bulletin: There is a vulnerability in Apache commons-dbcp used by IBM Jazz Reporting Service
Summary: There is a vulnerability in Apache commons-dbcp used by IBM Jazz Reporting Service (JRS). This vulnerability is addressed in JRS by upgrading to a version of Apache commons-dbcp that resolves the issue. Vulnerability Details: IBM X-Force ID: 217222. DESCRIPTION: Apache commons-dbcp could allo...
The vulnerability of the DBCPConnectionPool and HikariCPConnectionPool Controller Services of the Apache NiFi data processing platform allows a hacker to execute arbitrary code.
The vulnerability of the DBCPConnectionPool and HikariCPConnectionPool Controller Services of the Apache NiFi data processing platform is related to incorrect code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Oracle Linux 8 : pki-core:10.6 / and / pki-deps:10.6 (ELSA-2020-1644)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1644 advisory. - A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a...
com.hcl.commerce:commerce-search-processors (>=9.1.14.0 <=9.1.15.0), org.apache.nifi.minifi:minifi-assembly (>=1.22.0 <=1.23.0) +153 more potentially affected by CVE-2023-40037 via org.apache.nifi:nifi-dbcp-service-api (>=1.21.0 <=1.23.0)
org.apache.nifi:nifi-dbcp-service-api MAVEN version =1.21.0, =9.1.14.0, =1.22.0, =1.22.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.23.0 and more Source cves: CVE-2023-40037 Source advisory: OSV:GHSA-23QF-3JF9-H3Q9...
org.apache.nifi.minifi:minifi-assembly (>=1.22.0 <=1.23.0), org.apache.nifi:nifi-dbcp-service (>=1.21.0 <=1.23.0) +4 more potentially affected by CVE-2023-40037 via org.apache.nifi:nifi-dbcp-base (>=1.21.0 <=1.23.0)
org.apache.nifi:nifi-dbcp-base MAVEN version =1.21.0, =1.22.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.23.0 Source cves: CVE-2023-40037 Source advisory: OSV:GHSA-23QF-3JF9-H3Q9...
org.apache.nifi:nifi-hadoop-dbcp-service-nar (>=1.12.0 <=1.22.0) potentially affected by CVE-2023-36542 via org.apache.nifi:nifi-hadoop-dbcp-service (>=1.12.0 <=1.22.0)
org.apache.nifi:nifi-hadoop-dbcp-service MAVEN version =1.12.0, =1.12.0, =1.22.0 Source cves: CVE-2023-36542 Source advisory: OSV:GHSA-R969-8V3H-23V9...
org.apache.nifi.minifi:minifi-assembly (=1.22.0), org.apache.nifi:nifi-dbcp-service-nar (>=1.16.0 <=1.22.0) +1 more potentially affected by CVE-2023-36542 via org.apache.nifi:nifi-hikari-dbcp-service (>=1.16.0 <=1.22.0)
org.apache.nifi:nifi-hikari-dbcp-service MAVEN version =1.16.0, =1.16.0, =1.16.0, =1.18.0 Source cves: CVE-2023-36542 Source advisory: OSV:GHSA-R969-8V3H-23V9...
com.drunkendev:nifi-drunken-nar (=1.0.0), org.apache.nifi.minifi:minifi-assembly (=1.22.0) +6 more potentially affected by CVE-2023-36542 via org.apache.nifi:nifi-dbcp-service (>=0.2.0-incubating <=1.22.0)
org.apache.nifi:nifi-dbcp-service MAVEN version =0.2.0-incubating, =0.2.0-incubating, =1.16.0, =1.16.0, =1.0.0, =0.2.2, =0.2.2, =0.2.3 Source cves: CVE-2023-36542 Source advisory: OSV:GHSA-R969-8V3H-23V9...
com.drunkendev:nifi-drunken-nar (=1.0.0), org.apache.nifi:nifi-snowflake-services-nar (>=1.16.0 <=1.18.0) potentially affected by CVE-2023-34468 via org.apache.nifi:nifi-dbcp-service-nar (>=1.16.0 <=1.1.0)
org.apache.nifi:nifi-dbcp-service-nar MAVEN version =1.16.0, =1.16.0, =1.18.0 Source cves: CVE-2023-34468 Source advisory: OSV:GHSA-XM2M-2Q6H-22JW...
org.apache.nifi:nifi-dbcp-service-nar (>=1.16.0 <=1.21.0), org.apache.nifi:nifi-snowflake-services-nar (>=1.16.0 <=1.18.0) potentially affected by CVE-2023-34468 via org.apache.nifi:nifi-hikari-dbcp-service (>=1.16.0 <=1.21.0)
org.apache.nifi:nifi-hikari-dbcp-service MAVEN version =1.16.0, =1.16.0, =1.16.0, =1.18.0 Source cves: CVE-2023-34468 Source advisory: OSV:GHSA-XM2M-2Q6H-22JW...
org.apache.nifi:nifi-dbcp-service (>=1.19.0 <=1.21.0), org.apache.nifi:nifi-dbcp-service-nar (>=1.19.0 <=1.21.0) +3 more potentially affected by CVE-2023-34468 via org.apache.nifi:nifi-dbcp-base (>=1.19.0 <=1.21.0)
org.apache.nifi:nifi-dbcp-base MAVEN version =1.19.0, =1.19.0, =1.19.0, =1.19.0, =1.19.0, =1.19.0, =1.21.0 Source cves: CVE-2023-34468 Source advisory: OSV:GHSA-XM2M-2Q6H-22JW...
PT-2023-5586 · Apache · Apache NiFi
Name of the Vulnerable Software and Affected Versions: Apache NiFi versions 0.0.2 through 1.21.0. Description: The issue in Apache NiFi is related to the DBCPConnectionPool and HikariCPConnectionPool Controller Services, which allow an authenticated and authorized user to configure a Database URL...
Security Bulletin: IBM InfoSphere Information Server is affected but not classified as vulnerable to a vulnerability in Apache commons-dbcp
Summary: A vulnerability in Apache commons-dbcp used by InfoSphere Information Server was addressed. Vulnerability Details: IBM X-Force ID: 217222. DESCRIPTION: Apache commons-dbcp could allow a remote authenticated attacker from within the local network to obtain sensitive information, caused by an...
SUSE CVE-2019-16942
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the commons-dbcp 1.4 jar in the classpath, and an attacker can find a...
SUSE CVE-2020-24616
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource aka Anteros-DBCP...