70 matches found
RockyLinux 10 : go-rpm-macros (RLSA-2026:8840)
The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:8840 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 Tenable has extracted the preceding description block directly from the RockyLinux...
CVE-2025-8840
A vulnerability was determined in jshERP up to 3.5. Affected is an unknown function of the file /jshERP-boot/user/deleteBatch of the component Endpoint. The manipulation of the argument ids leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclos...
CVE-2025-8840
Summary (CVE-2025-8840, jshERP): Up to version 3.5, jshERP’s Endpoint component exposes an authorization flaw in the file /jshERP-boot/user/deleteBatch where manipulation of the argument ids enables a remote attack. Public exploit disclosure is noted. Several sources corroborate an improper autho...
CVE-2019-8840
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 11.3. Compiling with untrusted sources may lead to arbitrary code execution with user privileges...
Security Bulletin: Vulnerability in Open Source Jackson databind used in IBM Cloud Pak System (CVE-2020-8840)
Summary Vulnerability with unknown impact identified in jackson-databind used in IBM Cloud Pak System Software. IBM Cloud Pak System addressed vulnerability. It applies to IBM Cloud Pak System Software and Service. Vulnerability Details CVEID:CVE-2020-8840 DESCRIPTION: FasterXML jackson-databind...
PDF-XChange Editor < 10.4.0.387 Multiple Vulnerabilities
The version of PDF-XChange Editor installed on the remote Windows host is prior to 10.4.0.387. It is, therefore, affected by multiple vulnerabilities: - A specific flaw exists within the parsing of XPS files. The issue results from the lack of proper validation of user-supplied data, which can...
Security Bulletin: IBM B2B Advanced Communications is vulnerable to multiple issues due to FasterXML jackson-databind
Summary IBM B2B Advanced Communications has addressed vulnerabilities in jackson-databind shipped with product. Vulnerability Details CVEID:CVE-2018-14719 DESCRIPTION: FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by the failure to block...
Security Bulletin: Vulnerability in jackson-databind affects IBM Process Mining (Multiple CVEs)
Summary There is a vulnerability in jackson-databind that could allow a local attacker to launch a symlink attack. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2020-36182 DESCRIPTION:...
Security Bulletin: B2B API of IBM Sterling B2B Integrator is vulnerable to multiple issues due to FasterXML jackson-databind
Summary IBM Sterling B2B Integrator has addressed the security vulnerabilities in jackson-databind in B2B API. Vulnerability Details CVEID:CVE-2019-20330 DESCRIPTION: A lacking of certain net.sf.ehcache blocking in FasterXML jackson-databind has an unknown impact and attack vector. CVSS Base scor...
RHEL 7 / 8 : Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 (RHSA-2022:8840)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:8840 advisory. Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP...
Mageia: Security Advisory (MGASA-2021-0153)
The remote host is missing an update for the...
Exploit for Deserialization of Untrusted Data in Fasterxml Jackson-Databind
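CVE-2020-8840 Analysis and reproduction environment code for the Jackson-databind remote code execution vulnerability (CVE-2020-8840). The project contains: the payloads for jackson-databind and Fastjson, the WebServer malicious class, and a compiled marshalsec-0.0.3-SNAPSHOT-all.jar. Vulnerability overview: in the Jackson-databind remote code execution vulnerability (CVE-2020-8840), an attacker can use the xbean-reflect gadget chain (org.apache.xbean.propertyeditor.JndiConverter) to trigger JNDI remote class loading and thereby achieve remote code execution...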
Security Bulletin: Jackson-Databind Vulnerabilities Affect the B2B API of IBM Sterling B2B Integrator
Summary IBM Sterling B2B Integrator has integrated multiple security vulnerability fixes from Jackson Databind, please see list of CVEs for vulnerability details Vulnerability Details CVEID: CVE-2020-9547 DESCRIPTION: FasterXML jackson-databind could allow a remote attacker to execute arbitrary...
CVE-2020-8840
creationtimestamp | type | source
---|---|---
2021-06-17 00:59:33+00:00 | seen | https://t.me/pwnwikizhchannel/664
2023-12-18 02:32:42+00:00 | seen | https://t.me/arpsyndicate/1893
...
USN-4813-1: Jackson Databind vulnerabilities
It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to obtain sensitive information. CVE-2018-11307, CVE-2019-12086, CVE-2019-12814 It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could...
Exploit for Deserialization of Untrusted Data in Fasterxml Jackson-Databind
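CVE-2020-8840: FasterXML/jackson-databind remote code execution vulnerability. 0x00 Introduction: jackson-databind is a JSON processing library that belongs to the FasterXML project. 0x01 Vulnerability overview: on February 19, NVD published a security advisory disclosing a remote code execution vulnerability in jackson-databind caused by JNDI injection (CVE-2020-8840), with a CVSS score of 9.8...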
CentOS 8 : pki-core:10.6 and pki-deps:10.6 (CESA-2020:1644)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:1644 advisory. - jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig CVE-2019-14540 - jackson-databind: Serialization gadgets in...
CVE-2019-8840
CVE-2019-8840 affects Apple Xcode (ld64) where an out-of-bounds read was caused by insufficient bounds checking. Impact: compiling with untrusted sources may allow arbitrary code execution with user privileges. Affected/product: Xcode (ld64 component) on macOS. Root cause: out-of-bounds read due ...
Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerability
Summary IBM Security Guardium has fixed this vulnerability Vulnerability Details CVEID: CVE-2020-8840 DESCRIPTION: An unspecified error with the lack of certain xbean-reflect/JNDI blocking in FasterXML jackson-databind has an unknown impact and attack vector. CVSS Base score: 5.3 CVSS Temporal...
Important: Red Hat Security Advisory: Red Hat Data Grid 7.3.7 security update
An update for Red Hat Data Grid is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...