89 matches found
ROOT-APP-MAVEN-CVE-2022-42003 CVE-2022-42003 in io.root.com.fasterxml.jackson.core:jackson-databind - Patched by Root
Root has patched CVE-2022-42003 in the io.root.com.fasterxml.jackson.core:jackson-databind package for Root:Maven. Multiple fixed versions available...
Security Bulletin: Due to the use of jackson-core, IBM webMethods BPM and IBM webMethods Integration are vulnerable to multiple vulnerabilities
Summary IBM webMethods BPM and IBM webMethods Integration are dependent on jackson-databind, which is affected by the known vulnerabilities WS-2022-0468, CVE-2022-42004, CVE-2022-42003, CVE-2023-35116. This security bulletin provides guidance on addressing the vulnerability. Vulnerability Details...
Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in FasterXML jackson-databind
Summary Vulnerabilities have been identified in FasterXML jackson-databind, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2022-42003 DESCRIPTION: In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion ca...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component.
Summary Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component. Vulnerability Details CVEID:CVE-2022-42004 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial o...
EUVD-2025-42003
Malicious code in rudi-otak-otak36-cloud9 npm...
Linux Distros Unpatched Vulnerability : CVE-2022-42003
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializer...
Oracle Siebel Server <= 23.5 (July 2023 CPU)
The versions of Oracle Siebel CRM installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2023 CPU advisory. - Vulnerability in the Siebel CRM product of Oracle Siebel CRM component: EAI JSON-java. Supported versions that are affected are 23.5 and prior...
Fedora 38 : fasterxml-oss-parent / jackson-annotations / jackson-bom / etc (2022-6aa833b95f)
The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2022-6aa833b95f advisory. Rebase Jackson packages to the latest upstream version 2.14.1 Tenable has extracted the preceding description block directly from the Fedora securit...
java-jwt-4.4.0-1.1 on GA media (moderate)
java-jwt-4.4.0-1.1 on GA media Announcement ID: openSUSE-SU-2024:14395-1 Rating: moderate Cross-References: CVE-2022-42003 CVSS scores: CVE-2022-42003 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to denial of service due to FasterXML jackson-databind (CVE-2022-42004, CVE-2022-42003)
Summary IBM Sterling Partner Engagement Manager uses FasterXML jackson-databind. Vulnerability Details CVEID:CVE-2022-38751 DESCRIPTION: SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a...
Security Bulletin: Vulnerability in jackson-databind affects watsonx.data
Summary FasterXML jackson-databind is vulnerable to a denial of service, caused by a Java StackOverflow exception and other causes Vulnerability Details CVEID:CVE-2020-36518 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a Java StackOverflow exception. By...
RHEL 8 : jboss-on (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - jackson-databind: use of deeply nested arrays CVE-2022-42004 - jackson-databind 2.10.x through 2.12.x...
RHEL 9 : jboss-on (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - jackson-databind: use of deeply nested arrays CVE-2022-42004 - In FasterXML jackson-databind before...
Security Bulletin: IBM Controller has addressed multiple vulnerabilities
Summary IBM Controller is affected and considered vulnerable, based on current information, to multiple vulnerabilities. This Security Bulletin addresses the vulnerabilities that have been remediated in IBM Controller. Vulnerability Details CVEID:CVE-2023-40695 DESCRIPTION: IBM Cognos Controller...
RHEL 7 / 8 : Satellite 6.11.5 Async Security Update (Critical) (RHSA-2023:1151)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1151 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessit...
RHEL 8 : OpenShift Developer Tools and Services for OCP 4.12 (RHSA-2023:1064)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1064 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cro...
Mageia: Security Advisory (MGASA-2024-0069)
The remote host is missing an update for the...
CVE-2022-42003
creationtimestamp | type | source
---|---|---
2024-02-08 09:11:55+00:00 | seen | https://t.me/ctinow/181235
2024-02-08 09:11:56+00:00 | seen | https://t.me/ctinow/181236
2024-02-08 09:41:27+00:00 | seen | https://t.me/ctinow/181247
2024-02-08 12:36:47+00:00 | seen | https://t.me/ctinow/181338
2024-02-08...
Security Bulletin: Multiple vulnerabilities fixed in IBM Security Verify Governance - Identity Manager software component
Summary Multiple security vulnerabilities have been addressed in IBM Security Verify Governance - Identity Manager software component. Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Google Guava could allow a local authenticated attacker to obtain sensitive information, caused by a flaw...
Security Bulletin: IBM Storage Fusion HCI may be vulnerable to denial of service due to jackson-databind, okio (CVE-2022-42003, CVE-2023-35116, CVE-2023-3635)
Summary Java libraries jackson-databind and okio are used by IBM Storage Fusion HCI for logging. Vulnerabilities in these libraries could lead to Denial of Service as described in the CVEs listed in the "Vulnerability Details" section. Vulnerability Details CVEID:CVE-2022-42003 DESCRIPTION:...