Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSD53CAF29B-9180-11ED-ACBE-B42E991FC52E
HistoryJan 11, 2023 - 12:00 a.m.

cassandra3 -- multiple vulnerabilities

2023-01-1100:00:00
vuxml.freebsd.org
37

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

76.4%

JSON

Cassandra tema reports:

This release contains 6 security fixes including

CVE-2022-24823: When Netty’s multipart decoders are used local information disclosure can occur via the local system temporary directory
CVE-2020-7238: Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header.
CVE-2019-2684: Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE
CVE-2022-25857: The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.
CVE-2022-42003: In FasterXML jackson-databind, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
CVE-2022-42004: In FasterXML jackson-databind, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchcassandra3< 3.11.14UNKNOWN

Related

nessus 17
ibm 87
openvas 5
gentoo 1
mageia 1
osv 13
debian 2
redhat 7
cve 6
rocky 1
cgr 1
almalinux 1
ubuntucve 6
oraclelinux 1
veracode 6
prion 6
atlassian 8
amazon 1
redhatcve 6
debiancve 6
f5 4
github 5
cbl_mariner 1
broadcom 2
alpinelinux 1
kitploit 1
rubygems 1
fedora 2
nessus
nessus
FreeBSD : cassandra3 -- multiple vulnerabilities (53caf29b-9180-11ed-acbe-b42e991fc52e)
2023-01-12 00:00:00
SUSE SLED15 / SLES15 Security Update : jackson-databind (SUSE-SU-2022:3995-1)
2022-11-16 00:00:00
GLSA-202210-21 : FasterXML jackson-databind: Multiple vulnerabilities
2022-10-31 00:00:00
ibm
ibm
Security Bulletin: IBM Tivoli Netcool/OMNIbus Probe and Integrations Library are affected by vulnerabilities in FasterXML jackson-databind (CVE-2022-42004, CVE-2022-42003)
2022-12-14 01:45:31
Security Bulletin: There are several vulnerabilities in jackson-databind used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-42003, CVE-2022-42004)
2023-05-02 21:10:24
Security Bulletin: IBM Storage Protect Server is vulnerable to denial of service due to FasterXML jackson-databind (CVE-2022-42004, CVE-2022-42003)
2023-06-22 18:28:22
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:3995-1)
2022-11-16 00:00:00
Mageia: Security Advisory (MGASA-2024-0069)
2024-03-18 00:00:00
Debian: Security Advisory (DSA-5283-1)
2022-11-18 00:00:00
gentoo
gentoo
FasterXML jackson-databind: Multiple vulnerabilities
2022-10-31 00:00:00
mageia
mageia
Updated jackson-databind packages fix security vulnerabilities
2024-03-16 19:28:17
osv
osv
jackson-databind - security update
2022-11-17 00:00:00
jackson-databind - security update
2022-11-27 00:00:00
CVE-2022-42003
2022-10-02 05:15:09
debian
debian
[SECURITY] [DSA 5283-1] jackson-databind security update
2022-11-17 11:17:07
[SECURITY] [DLA 3207-1] jackson-databind security update
2022-11-27 18:53:52
redhat
redhat
(RHSA-2022:9032) Important: Red Hat build of Eclipse Vert.x 4.3.4 security update
2022-12-15 12:38:08
(RHSA-2022:8876) Moderate: Red Hat AMQ Broker 7.10.2 release and security update
2022-12-07 08:18:33
(RHSA-2022:6820) Moderate: prometheus-jmx-exporter security update
2022-10-06 07:13:19
cve
cve
CVE-2022-25857
2022-08-30 05:15:00
CVE-2019-2684
2019-04-23 19:32:00
CVE-2022-42003
2022-10-02 05:15:00
rocky
rocky
prometheus-jmx-exporter security update
2022-10-06 07:13:19
cgr
cgr
CVE-2022-24823 vulnerabilities
2024-04-28 09:06:10
almalinux
almalinux
Moderate: prometheus-jmx-exporter security update
2022-10-06 00:00:00
ubuntucve
ubuntucve
CVE-2022-25857
2022-08-30 00:00:00
CVE-2022-42004
2022-10-02 00:00:00
CVE-2022-42003
2022-10-02 00:00:00
oraclelinux
oraclelinux
prometheus-jmx-exporter security update
2022-10-06 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-08-31 02:31:21
Denial Of Service (DoS)
2022-10-03 04:26:32
Denial Of Service (DoS)
2022-10-03 10:42:53
prion
prion
Code injection
2022-10-02 05:15:00
Design/Logic Flaw
2022-08-30 05:15:00
Deserialization of untrusted data
2022-10-02 05:15:00
atlassian
atlassian
Deserialization com.fasterxml.jackson.core:jackson-databind in Jira Software Data Center and Server
2023-11-12 13:45:26
FasterXML Vulnerability in Jira Service Management Data Center and Server
2023-10-09 01:44:38
DoS (Denial of Service) com.fasterxml.jackson.core:jackson-databind in Jira Software Data Center and Server
2023-11-12 13:45:23
amazon
amazon
Important: snakeyaml
2023-03-02 22:35:00
redhatcve
redhatcve
CVE-2022-25857
2022-09-14 12:44:14
CVE-2022-42003
2022-10-17 07:01:04
CVE-2022-42004
2022-10-17 07:01:06
debiancve
debiancve
CVE-2022-25857
2022-08-30 05:15:00
CVE-2022-42004
2022-10-02 05:15:00
CVE-2022-42003
2022-10-02 05:15:00
f5
f5
K000132725 : FasterXML vulnerability CVE-2022-42004
2023-03-22 00:00:00
K000135852 : FasterXML jackson-databind vulnerability CVE-2022-42003
2023-08-15 00:00:00
K11175903 : Oracle Java SE vulnerability CVE-2019-2684
2020-01-07 00:00:00
github
github
Uncontrolled Resource Consumption in FasterXML jackson-databind
2022-10-03 00:00:31
Uncontrolled Resource Consumption in snakeyaml
2022-08-31 00:00:24
Uncontrolled Resource Consumption in Jackson-databind
2022-10-03 00:00:31
cbl_mariner
cbl_mariner
CVE-2022-25857 affecting package snakeyaml 1.25-2
2024-04-28 09:06:18
broadcom
broadcom
CVE-2022-42004 -In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur
2023-05-03 00:00:00
CVE-2022-42003 - In FasterXML jackson-databind before 2.14.0-rc1, ressource exhaustion
2023-05-03 00:00:00
alpinelinux
alpinelinux
CVE-2019-2684
2019-04-23 19:32:00
kitploit
kitploit
Remote-Method-Guesser - Tool For Java RMI Enumeration And Bruteforce Of Remote Methods
2021-02-22 20:30:00
rubygems
rubygems
CVE-2022-25857 jruby/psych/snakeyaml: Denial of Service (DoS) due missing to nested depth limitation for collections
2022-02-23 21:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: snakeyaml-1.32-1.fc36
2022-12-21 01:18:24
[SECURITY] Fedora 37 Update: snakeyaml-1.32-1.fc37
2022-12-21 01:29:20

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

76.4%

JSON
Related for 53CAF29B-9180-11ED-ACBE-B42E991FC52E
nessus17ibm87openvas5gentoo1mageia1osv13debian2redhat7cve6rocky1cgr1almalinux1ubuntucve6oraclelinux1veracode6prion6atlassian8amazon1redhatcve6debiancve6f54github5cbl_mariner1broadcom2alpinelinux1kitploit1rubygems1fedora2