4222 matches found
CVE-2021-20190
CVE-2021-20190 is a Jackson Databind deserialization vulnerability involving the interaction between serialization gadgets and typing, present in Jackson Databind up to 2.9.10.7. The IBM bulletin for Cloudera Observability confirms this CVE as part of a collection and notes a fix in Cloudera Obse...
PT-2021-7983 · Unknown +3 · Jackson-Databind +3
Name of the Vulnerable Software and Affected Versions: jackson-databind versions prior to 2.9.10.7; jackson-databind versions prior to 2.6.7.5. Description: The issue is related to the jackson-databind library's handling of serialization gadgets and typing, which can lead to the restoration of...
Huawei EulerOS: Security Advisory for java-1.8.0-openjdk (EulerOS-SA-2021-1078)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
FasterXML jackson-databind Code Issue Vulnerability
FasterXML jackson-databind is a Java-based library that converts between data formats such as XML and JSON and Java objects. Jackson can easily convert Java objects into JSON objects and XML documents, and can likewise convert JSON and XML into Java objects. A code issue vulnerability exists in...
Important: Red Hat Security Advisory: xstream security update
An update for xstream is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
Design/Logic Flaw
This affects the package @scullyio/scully before 1.0.9. The transfer state is serialised with the JSON.stringify function and then written into the HTML page...
Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2021-1460)
The version of java-1.8.0-openjdk installed on the remote host is prior to 1.8.0.272.b10-1.56. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2021-1460 advisory. Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization...
CVE-2020-36189
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation: The following conditions are needed for an exploit, w...
CVE-2020-36187
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation: The following conditions are needed for an exploit, w...
CVE-2020-36185
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation: The following conditions are needed for an exploit, w...
CVE-2020-36184
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation: The following conditions are needed for an exploit, w...
CVE-2020-36183
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation: The following conditions are needed for an exploit, w...
CVE-2020-36182
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation: The following conditions are needed for an exploit, w...
CVE-2020-36188
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation: The following conditions are needed for an exploit, w...
CVE-2020-36186
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation: The following conditions are needed for an exploit, w...
CVE-2020-36179
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation: The following conditions are needed for an exploit, w...
CVE-2020-36180
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation: The following conditions are needed for an exploit, w...
CVE-2020-36181
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation: The following conditions are needed for an exploit, w...
Deserialization Of Untrusted Object
jackson-databind is vulnerable to deserialization of untrusted data that can lead to remote code execution. It is possible because the untrusted class org.apache.commons.dbcp2.datasources.SharedPoolDataSource was not filtered by default from the interaction between serialization gadgets and...
DEBIAN-CVE-2020-36183
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool...