
44 matches found

EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2022-3473

Malicious code in bioql PyPI...

CVSS: 9.8, AI score: 8, EPSS: 0.05175
Exploits: 0, References: 23

Tenable Nessus
added 2025/03/04 12:0 a.m., 9 views

Linux Distros Unpatched Vulnerability : CVE-2017-17485

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-752...

CVSS: 9.8, AI score: 8.5, EPSS: 0.49727
Exploits: 7, References: 1

IBM Security Bulletins
added 2024/09/18 4:36 p.m., 25 views

Security Bulletin: Vulnerabilities in jackson-databind affect IBM watsonx.data

Summary FasterXML jackson-databind has multiple vulnerabilities including the possibility of remote attackers executing arbitrary code on the system. These can affect IBM watsonx.data. Vulnerability Details CVEID:CVE-2017-15095 DESCRIPTION: Jackson Library could allow a remote attacker to execute...

CVSS: 10, AI score: 9, EPSS: 0.49727
Exploits: 7, Affected Software: 1

Tenable Nessus
added 2024/05/11 12:0 a.m., 41 views

RHEL 7 : jackson-databind (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper CVE-2017-7525 - A...

AI score: 9.8, EPSS: 0.49727
Exploits: 7, References: 3

SUSE CVE
added 2023/02/15 4:36 a.m., 8 views

SUSE CVE-2017-17485

FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper,...

CVSS: 9.8, AI score: 8.5, EPSS: 0.49727
Exploits: 1, References: 6

IBM Security Bulletins
added 2023/01/03 3:55 p.m., 48 views

Security Bulletin: Multiple vulnerabilities within Jackson JSON library affect IBM Business Automation Workflow (CVE-2017-17485, CVE-2018-5968, CVE-2018-7489)

Summary Multiple security vulnerabilities have been reported for Jackson JSON library that is used by IBM Business Automation Workflow. Vulnerability Details CVEID: CVE-2018-7489 DESCRIPTION: FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused ...

CVSS: 9.8, AI score: 8.9, EPSS: 0.49727
Exploits: 1, Affected Software: 5

IBM Security Bulletins
added 2022/04/12 10:52 p.m., 52 views

Security Bulletin: Multiple Vulnerabilities in Jackson Core affect IBM Maximo Asset Management

Summary Multiple Vulnerabilities in Jackson Core affect IBM Maximo Asset Management Vulnerability Details CVEID: CVE-2016-7051 DESCRIPTION: jackson-dataformat-xml is vulnerable to server-side request forgery, caused by a flaw in the XmlMapper. By using vectors related to a DTD, an attacker could...

CVSS: 9.8, AI score: 2.1, EPSS: 0.49727
Exploits: 7, Affected Software: 19

IBM Security Bulletins
added 2022/03/03 5:16 p.m., 50 views

Security Bulletin: IBM InfoSphere Change Data Capture is affected by a Jackson 2.3.3 and 2.4.4 open source library vulnerabilities

Summary IBM Data Replication has addressed the following vulnerabilities: CVE-2017-17485 CVE-2018-5968 CVE-2017-15095 CVE-2017-7525 CVE-2018-7489 Vulnerability Details CVEID: CVE-2017-17485 DESCRIPTION: Jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused...

CVSS: 9.8, AI score: 9.7, EPSS: 0.49727
Exploits: 7, Affected Software: 1

IBM Security Bulletins
added 2021/10/06 12:30 p.m., 95 views

Security Bulletin: IBM Security Guardium Insights is affected by Components with known vulnerabilities

Summary IBM Security Guardium Insights has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2017-15095 DESCRIPTION: Jackson Library could allow a remote attacker to execute arbitrary code on the system, caused by a deserialization flaw in the readValue method of the...

CVSS: 10, AI score: 1.3, EPSS: 0.49727
Exploits: 13, Affected Software: 1

Github Security Blog
added 2020/06/30 8:40 p.m., 183 views

Deserialization of Untrusted Data in jackson-databind

FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist...

CVSS: 8.1, AI score: 5, EPSS: 0.06962
Exploits: 0, References: 18, Affected Software: 1

RedHat Linux
added 2019/11/14 9:17 p.m., 144 views

Important: Red Hat Security Advisory: Red Hat Fuse 7.5.0 security update

A minor version update from 7.4 to 7.5 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...

CVSS: 10, AI score: 7.9, EPSS: 0.94774
Exploits: 20, References: 30

RedHat Linux
added 2019/10/18 7:52 p.m., 176 views

Important: Red Hat Security Advisory: OpenShift Container Platform logging-elasticsearch5-container security update

An update for logging-elasticsearch5-container is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVSS: 10, AI score: 7.5, EPSS: 0.49727
Exploits: 10, References: 21

NVD
added 2019/10/01 3:15 p.m., 39 views

CVE-2019-10202

A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist...

CVSS: 9.8, AI score: 8.9, EPSS: 0.05175
Exploits: 0, References: 9

Prion
added 2019/10/01 3:15 p.m., 43 views

Deserialization of untrusted data

A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist...

CVSS: 7.5, AI score: 8.8, EPSS: 0.49727
Exploits: 10, References: 9, Affected Software: 1

RedHat Linux
added 2019/07/16 4:21 p.m., 129 views

Important: Red Hat Security Advisory: Red Hat JBoss BPM Suite 6.4.12 security update

An update is now available for Red Hat JBoss BPM Suite. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...

CVSS: 9.8, AI score: 7.4, EPSS: 0.49727
Exploits: 3, References: 11

RedHat Linux
added 2019/07/15 7:18 p.m., 130 views

Important: Red Hat Security Advisory: Red Hat JBoss BRMS 6.4.12 security update

An update is now available for Red Hat JBoss BRMS. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

CVSS: 9.8, AI score: 7.4, EPSS: 0.49727
Exploits: 3, References: 11

IBM Security Bulletins
added 2019/03/01 2:0 p.m., 47 views

Security Bulletin: Public disclosed vulnerabilities from Jackson-databind affects IBM Spectrum LSF

Summary Public disclosed vulnerabilities from Jackson-databind affects IBM Spectrum LSF: CVE-2017-7525, CVE-2017-15095, CVE-2017-17485, CVE-2018-5968, CVE-2018-7489 Vulnerability Details CVE-2017-7525 Jackson-databind Also implemented in JBoss BPM Suite is vulnerable to remote code execution when...

CVSS: 9.8, AI score: 1.6, EPSS: 0.49727
Exploits: 7, Affected Software: 1

vulnersOsv
added 2018/10/18 5:42 p.m., 6 views

ai.chronon:aggregator_2.11 (>=0.0.1 <=thread_contention-0.0.23-dev3), ai.chronon:aggregator_2.12 (>=0.0.6 <=thread_contention-0.0.23-dev3) +12482 more potentially affected by CVE-2017-17485 via com.fasterxml.jackson.core:jackson-databind (>=2.9.0 <=2.9.3)

com.fasterxml.jackson.core:jackson-databind MAVEN version =2.9.0, =0.0.1, =0.0.6, =0.0.1, =0.0.1, =thread-pool-0.0.24-dev, =local, =local, =0.0.6, =0.0.1, =1.3.0, =1.1.0, =1.0.0, =v1.1.0-226-g847ecff2d8e26f249422247d7665fe15f07b1744 and more Source cves: CVE-2017-17485 Source advisory:...

CVSS: 9.8, AI score: 6.8, EPSS: 0.49727
Exploits: 1

IBM Security Bulletins
added 2018/06/17 3:51 p.m., 47 views

Security Bulletin: Multiple vulnerabilities has been identified in Jackson JSON library shipped with IBM Tivoli Netcool/OMNIbus Integrations Transport Module Common Integration Library (CVE-2017-17485, CVE-2018-5968, CVE-2018-7489)

Summary Jackson JSON library is shipped as a component of IBM Tivoli Netcool/OMNIbus Integrations Transport Module Common Integration Library. Information about security vulnerabilities affecting Jackson JSON library has been published. The Netcool/OMNIbus Transport Module Common Integration...

CVSS: 9.8, AI score: 1.5, EPSS: 0.49727
Exploits: 1, Affected Software: 1

RedHat Linux
added 2018/05/15 7:44 p.m., 7 views

jackson-databind: unsafe deserialization due to incomplete blacklist (incomplete fix for CVE-2017-7525 and CVE-2017-17485)

A deserialization flaw was discovered in the jackson-databind that could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaws CVE-2017-7525 and CVE-2017-17485 by...

CVSS: 9.8, AI score: 7.6, EPSS: 0.49727
Exploits: 1, References: 4