dawetmaster

165 exploits Active since Aug 2013
CVE-2020-24616 NOMISEC HIGH WORKING POC
FasterXML jackson-databind <2.9.10.6 - RCE
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).
CVSS 8.1
CVE-2020-24750 NOMISEC HIGH WORKING POC
jackson-databind 2.0.0-2.9.10.5 - Deserialization of Untrusted Data via JndiConfiguration
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.
CVSS 8.1
CVE-2020-25649 NOMISEC HIGH STUB
jackson-databind 2.6.0-2.6.7.3 - XML External Entity Injection
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
CVSS 7.5
CVE-2020-26217 NOMISEC HIGH STUB
XStream < 1.4.14 - Remote Code Execution via Blocklist Bypass
XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.
CVSS 8.0
CVE-2020-26258 NOMISEC MEDIUM STUB
XStream <1.4.15 - Server-Side Request Forgery via XML Unmarshalling
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.15. The reported vulnerability does not exist if running Java 15 or higher. No user is affected who followed the recommendation to setup XStream's Security Framework with a whitelist! Anyone relying on XStream's default blacklist can immediately switch to a whilelist for the allowed types to avoid the vulnerability. Users of XStream 1.4.14 or below who still want to use XStream default blacklist can use a workaround described in more detailed in the referenced advisories.
CVSS 6.3
CVE-2020-26259 NOMISEC MEDIUM STUB
XStream <1.4.15 - File Deletion
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary know files on the host as log as the executing process has sufficient rights only by manipulating the processed input stream. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.15. The reported vulnerability does not exist running Java 15 or higher. No user is affected, who followed the recommendation to setup XStream's Security Framework with a whitelist! Anyone relying on XStream's default blacklist can immediately switch to a whilelist for the allowed types to avoid the vulnerability. Users of XStream 1.4.14 or below who still want to use XStream default blacklist can use a workaround described in more detailed in the referenced advisories.
CVSS 6.8
CVE-2020-28491 NOMISEC HIGH STUB
jackson-dataformats-binary < 2.11.4 - Denial of Service via Unchecked Byte Buffer Allocation
This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.
CVSS 7.5
CVE-2020-35217 NOMISEC HIGH WORKING POC
Vert.x-Web 4.0.0-milestone1-4.0.0-milestone4 - Cross-Site Request Forgery via Incorrect Token Verification
Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSRF verification. Instead of comparing the CSRF token in the request with the CSRF token in the cookie, it compares the CSRF token in the cookie against a CSRF token that is stored in the session. An attacker does not even need to provide a CSRF token in the request because the framework does not consider it. The cookies are automatically sent by the browser and the verification will always succeed, leading to a successful CSRF attack.
CVSS 8.8
CVE-2020-35490 NOMISEC HIGH WORKING POC
jackson-databind 2.0.0-2.9.10.7 - Deserialization of Untrusted Data
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.
CVSS 8.1
CVE-2020-35491 NOMISEC HIGH WORKING POC
jackson-databind 2.0.0-2.9.10.7 - Deserialization of Untrusted Data via SharedPoolDataSource
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.
CVSS 8.1
CVE-2020-35728 NOMISEC HIGH WORKING POC
jackson-databind 2.9.0-2.9.10.7 - Deserialization of Untrusted Data via JNDIConnectionPool
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).
CVSS 8.1
CVE-2020-36179 NOMISEC HIGH WORKING POC
Oracle JD Edwards Enterpriseone Tools - Insecure Deserialization
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.
CVSS 8.1
CVE-2020-36180 NOMISEC HIGH WORKING POC
Netapp Cloud Backup < 21.1.2 - Insecure Deserialization
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.
CVSS 8.1
CVE-2020-36181 NOMISEC HIGH WORKING POC
Netapp Service Level Manager < 21.1.2 - Insecure Deserialization
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.
CVSS 8.1
CVE-2020-36182 NOMISEC HIGH WORKING POC
jackson-databind 2.0.0-2.9.10.7 - Deserialization of Untrusted Data
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.
CVSS 8.1
CVE-2020-36183 NOMISEC HIGH STUB
FasterXML jackson-databind 2.0.0-2.9.10.7 - Deserialization of Untrusted Data
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.
CVSS 8.1
CVE-2020-36184 NOMISEC HIGH WORKING POC
Netapp Cloud Backup < 21.1.2 - Insecure Deserialization
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.
CVSS 8.1
CVE-2020-36185 NOMISEC HIGH WORKING POC
jackson-databind 2.0.0-2.9.10.7 - Deserialization of Untrusted Data via SharedPoolDataSource
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource.
CVSS 8.1
CVE-2020-36186 NOMISEC HIGH WORKING POC
jackson-databind 2.0.0-2.9.10.7 - Deserialization of Untrusted Data
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.
CVSS 8.1
CVE-2020-36187 NOMISEC HIGH WORKING POC
jackson-databind 2.0.0-2.9.10.7 - Deserialization of Untrusted Data via SharedPoolDataSource
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.
CVSS 8.1
CVE-2020-36188 NOMISEC HIGH WORKING POC
jackson-databind 2.0.0-2.9.10.7 - Deserialization of Untrusted Data via JNDIConnectionSource
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.
CVSS 8.1
CVE-2020-36189 NOMISEC HIGH WORKING POC
jackson-databind 2.0.0-2.9.10.7 - Deserialization of Untrusted Data
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.
CVSS 8.1
CVE-2020-36518 NOMISEC HIGH STUB
jackson-databind < 2.13.0 - Denial of Service via Nested Object Depth
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
CVSS 7.5
CVE-2020-7692 NOMISEC HIGH STUB
Google OAuth Client Library for Java < 1.31.0 - Incorrect Authorization via Missing PKCE Implementation
PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized. An attacker is able to obtain the authorization code using a malicious app on the client-side and use it to gain authorization to the protected resource. This affects the package com.google.oauth-client:google-oauth-client before 1.31.0.
CVSS 7.4
CVE-2020-8840 NOMISEC CRITICAL WORKING POC
FasterXML Jackson-Databind <2.9.10.2 - RCE
FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.
CVSS 9.8