CVSS: 9.8EPSS: 0%CPEs: 42EXPL: 0CVE-2019-16335 – jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource
https://notcve.org/view.php?id=CVE-2019-16335
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540. PicoC versión 2.1, hay un desbordamiento de búfer en la región heap de la memoria en la función StringStrcpy en la biblioteca cstdlib/string.c cuando se llama desde ExpressionParseFunctionCall en el archivo expression.c. • https://access.redhat.com/errata/RHSA-2019:3200 https://access.redhat.com/errata/RHSA-2020:0159 https://access.redhat.com/errata/RHSA-2020:0160 https://access.redhat.com/errata/RHSA-2020:0161 https://access.redhat.com/errata/RHSA-2020:0164 https://access.redhat.com/errata/RHSA-2020:0445 https://access.redhat.com/errata/RHSA-2020:0729 https://github.com/FasterXML/jackson-databind/issues/2449 https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69%40%3Ccommits&# • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: 52EXPL: 0CVE-2019-14540 – jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig
https://notcve.org/view.php?id=CVE-2019-14540
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig. Se detectó un problema de escritura polimórfica en FasterXML jackson-databind versiones anteriores a 2.9.10. Está relacionado con com.zaxxer.hikari.HikariConfig. • https://access.redhat.com/errata/RHSA-2019:3200 https://access.redhat.com/errata/RHSA-2020:0159 https://access.redhat.com/errata/RHSA-2020:0160 https://access.redhat.com/errata/RHSA-2020:0161 https://access.redhat.com/errata/RHSA-2020:0164 https://access.redhat.com/errata/RHSA-2020:0445 https://github.com/FasterXML/jackson-databind/blob/master/release-notes/VERSION-2.x https://github.com/FasterXML/jackson-databind/issues/2410 https://github.com/FasterXML/jackson-databind/issues&#x • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-502: Deserialization of Untrusted Data •
CVSS: 6.5EPSS: 82%CPEs: 4EXPL: 3CVE-2019-12922 – phpMyAdmin 4.9.0.1 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2019-12922
A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page. Un problema de tipo CSRF en phpMyAdmin versión 4.9.0.1, permite la eliminación de cualquier servidor en la página de Setup. phpMyAdmin version 4.9.0.1 suffers from a cross site request forgery vulnerability. • https://www.exploit-db.com/exploits/47385 http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00078.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html http://packetstormsecurity.com/files/154483/phpMyAdmin-4.9.0.1-Cross-Site-Request-Forgery.html http://seclists.org/fulldisclosure/2019/Sep/23 https://github.com/phpmyadmin/phpmyadmin/commit/427fbed55d3154d96ecfc1c7784d49eaa3c04161 https://github.com/phpmyadmin/phpmyadmin/commit/7d21d4223bdbe0306593309132b4263d7087d13b https://lists.fed • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2019-16235
https://notcve.org/view.php?id=CVE-2019-16235
Dino before 2019-09-10 does not properly check the source of a carbons message in module/xep/0280_message_carbons.vala. Dino antes del 10-09-2019, no comprueba correctamente la fuente de un mensaje carbons en el archivo module/xep/0280_message_carbons.vala. • http://www.openwall.com/lists/oss-security/2019/09/12/5 https://github.com/dino/dino/commit/e84f2c49567e86d2a261ea264d65c4adc549c930 https://gultsch.de/dino_multiple.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5TMGQ5Q6QMIFG4NVUWMOWW3GIPGWQZVF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZBNQAOBWTIOKNO4PIYNX624ACGUXSXQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YUBM7GDZBB6MZZALDWYRAPNV6HJNLNMC h • CWE-346: Origin Validation Error •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2019-16236
https://notcve.org/view.php?id=CVE-2019-16236
Dino before 2019-09-10 does not check roster push authorization in module/roster/module.vala. Dino antes del 10-09-2019, no comprueba la autorización de inserción de lista en el archivo module/roster/module.vala. • http://www.openwall.com/lists/oss-security/2019/09/12/5 https://github.com/dino/dino/commit/dd33f5f949248d87d34f399e8846d5ee5b8823d9 https://gultsch.de/dino_multiple.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5TMGQ5Q6QMIFG4NVUWMOWW3GIPGWQZVF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZBNQAOBWTIOKNO4PIYNX624ACGUXSXQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YUBM7GDZBB6MZZALDWYRAPNV6HJNLNMC h • CWE-862: Missing Authorization •