Show filters
22 Total Results
Displaying 11-20 of 22
Sort by:
Attacker Value
Unknown

CVE-2020-10673

Disclosure Date: March 18, 2020 (last updated February 21, 2025)
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).
Attacker Value
Unknown

CVE-2019-20330

Disclosure Date: January 03, 2020 (last updated February 21, 2025)
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
Attacker Value
Unknown

CVE-2019-10219

Disclosure Date: November 08, 2019 (last updated November 08, 2023)
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
Attacker Value
Unknown

CVE-2019-16335

Disclosure Date: September 15, 2019 (last updated November 08, 2023)
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.
Attacker Value
Unknown

CVE-2019-14540

Disclosure Date: September 15, 2019 (last updated November 08, 2023)
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
Attacker Value
Unknown

CVE-2019-10246

Disclosure Date: April 22, 2019 (last updated November 08, 2023)
In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents. This information reveal is restricted to only the content in the configured base resource directories.
Attacker Value
Unknown

CVE-2019-10247

Disclosure Date: April 22, 2019 (last updated November 08, 2023)
In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error, it presents the various configured contexts as HTML for users to click through to. This produced HTML includes output that contains the configured fully qualified directory base resource location for each context.
Attacker Value
Unknown

CVE-2019-1559

Disclosure Date: February 26, 2019 (last updated November 08, 2023)
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).
Attacker Value
Unknown

CVE-2018-19039

Disclosure Date: December 13, 2018 (last updated November 27, 2024)
Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions.
0
Attacker Value
Unknown

CVE-2017-14651

Disclosure Date: September 21, 2017 (last updated November 26, 2024)
WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter.