41 matches found
Alibaba Cloud Linux 3 : 0020: pki-core:10.6 (ALINUX3-SA-2021:0020)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2021:0020 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-12086: A Polymorphic Typing issue...
SUSE CVE-2019-12814
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specificall...
Mageia: Security Advisory (MGASA-2021-0153)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated jackson-databind packages fix security vulnerabilities
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint, the service has the mysql-connector-java jar 8.0.14 or earlier in the classpath, and an...
USN-4813-1: Jackson Databind vulnerabilities
It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to obtain sensitive information. CVE-2018-11307, CVE-2019-12086, CVE-2019-12814 It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could...
Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)
Summary There are multiple vulnerabilities identified in IBM Guardium Data Encryption GDE .These vulnerabilities have been fixed in GDE 4.0.0.3. Please apply the latest version for the fixes. Vulnerability Details CVEID: CVE-2019-4697 DESCRIPTION: IBM Guardium Data Encryption GDE stores user...
CVE-2019-12814
A new polymorphic typing flaw was discovered in FasterXML jackson-databind, versions 2.x through 2.9.9. With default typing enabled, an attacker can send a specifically crafted JSON message to the server that allows them to read arbitrary local files. Mitigation This vulnerability relies on jdom...
Fedora Update for jackson-core FEDORA-2019-99ff6aa32c
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora Update for jackson-databind FEDORA-2019-99ff6aa32c
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security Bulletin: : Netcool Operations Insight - Cloud Native Event Analytics is affected by a FasterXML jackson-databind vulnerability (CVE-2019-12814)
Summary Netcool Operations Insight - Cloud Native Event Analytics has addressed the following vulnerability in FasterXML jackson-databind Vulnerability Details CVEID: CVE-2019-12814 DESCRIPTION: A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Defaul...
Important: Red Hat Security Advisory: Red Hat Process Automation Manager 7.5.0 Security Update
An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...
Important: Red Hat Security Advisory: Red Hat Decision Manager 7.5.0 Security Update
An update is now available for Red Hat Decision Manager. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links i...
Moderate: Red Hat Security Advisory: Red Hat AMQ Streams 1.3.0 release and security update
Red Hat AMQ Streams 1.3.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
Security Bulletin: Multiple vulnerabilities in jackson-databind affect IBM Platform Symphony and IBM Spectrum Symphony
Summary Multiple vulnerabilities exist in the Jackson databind, core, and annotations version used by IBM Spectrum Symphony V7.2.1, V7.2.0.2, and V7.1.2, and IBM Platform Symphony V7.1.1 and V7.1 Fix Pack 1. Interim fixes that provide instructions on upgrading the Jackson databind, core, and...
Security Bulletin: IBM Event Streams is affected by jackson-databind vulnerabilities
Summary IBM Event Streams has addressed the following vulnerabilities in the jackson-databind versions shipped. Vulnerability Details CVEID: CVE-2019-12814 DESCRIPTION: FasterXML jackson-databind could allow a remote attacker to obtain sensitive information, caused by a polymorphic typing issue. ...
Important: Red Hat Security Advisory: OpenShift Container Platform logging-elasticsearch5-container security update
An update for logging-elasticsearch5-container is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
RHEL 7 : Red Hat Single Sign-On 7.3.4 security update on RHEL 7 (Important) (RHSA-2019:3045)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3045 advisory. Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...
RHEL 6 : Red Hat Single Sign-On 7.3.4 security update on RHEL 6 (Important) (RHSA-2019:3044)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3044 advisory. Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...
RHEL 8 : Red Hat Single Sign-On 7.3.4 security update on RHEL 8 (Important) (RHSA-2019:3046)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3046 advisory. Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...
Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.3.4 security update on RHEL 8
New Red Hat Single Sign-On 7.3.4 packages are now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...