4220 matches found

Veracode
added 2020/07/28 5:29 a.m., 18 views

Remote Code Execution (RCE)

scratch-vm is vulnerable to remote code execution (RCE). It does not escape extension URL values in the function getExtensionIdForOpcode in serialization/sb3.js, allowing an attacker to inject characters and execute it as a worker...

CVSS 9.8 | AI score 9.5 | EPSS 0.06601
Exploits 0 | References 3 | Affected Software 1
IBM Security Bulletins
added 2020/07/24 10:19 p.m., 28 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager Jan 2020 CPU (CVE-2020-2583, CVE-2019-4732)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition used by IBM Tivoli System Automation Application Manager. These issues were disclosed as part of the IBM Java SDK updates in Jan 2020. Vulnerability Details CVEID: CVE-2020-2583 DESCRIPTION: An unspecified vulnerability...

CVSS 7.2 | AI score 0.6 | EPSS 0.00519
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2020/07/24 10:19 p.m., 47 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager Apr 2020 CPU (CVE-2020-2805, CVE-2020-2803, CVE-2020-2757, CVE-2020-2756)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition used by IBM Tivoli System Automation Application Manager. These issues were disclosed as part of the IBM Java SDK updates in Apr 2020. Vulnerability Details CVEID: CVE-2020-2805 DESCRIPTION: An unspecified vulnerability...

CVSS 8.3 | AI score 1.7 | EPSS 0.02622
Exploits 0 | Affected Software 1
Prion
added 2020/07/20 6:15 p.m., 17 views

Crlf injection

In Fiber before version 1.12.6, the filename that is given in c.Attachment (https://docs.gofiber.io/ctxattachment) is not escaped, and is therefore vulnerable to a CRLF injection attack. I.e. an attacker could upload a custom filename and then give the link to the victim. With this filename, the...

CVSS 5.8 | AI score 5.5 | EPSS 0.0024
Exploits 0 | References 2 | Affected Software 1
IBM Security Bulletins
added 2020/07/08 6:11 p.m., 43 views

Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Business Developer

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 used by Rational Business Developer. Rational Business Developer has addressed the applicable CVE. This issue was disclosed as part of the IBM Java SDK and Runtime...

CVSS 5.3 | AI score 2.5 | EPSS 0.00329
Exploits 0 | Affected Software 1
Github Security Blog
added 2020/07/07 4:45 p.m., 49 views

Denial of service due to reference expansion in versions earlier than 4.0

Impact The CBOR library supports optional tags that enable CBOR objects to contain references to objects within them. Versions earlier than 4.0 resolved those references automatically. While this by itself doesn't cause much of a security problem, a denial of service can happen if those reference...

AI score 0.1
Exploits 0 | References 2 | Affected Software 1
RedHat Linux
added 2020/07/02 1:21 p.m., 4 views

jackson-databind: Serialization gadgets in anteros-core

A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 9.8 | AI score 7.1 | EPSS 0.62015
Exploits 0 | References 4
RedHat Linux
added 2020/07/02 1:21 p.m., 3 views

jackson-databind: Serialization gadgets in javax.swing.JEditorPane

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality...

CVSS 8.8 | AI score 7.1 | EPSS 0.01035
Exploits 0 | References 4
RedHat Linux
added 2020/07/02 1:21 p.m., 3 views

jackson-databind: Serialization gadgets in shaded-hikari-config

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 9.8 | AI score 7.1 | EPSS 0.0239
Exploits 0 | References 4
RedHat Linux
added 2020/07/02 1:21 p.m., 2 views

jackson-databind: Serialization gadgets in ibatis-sqlmap

A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 9.8 | AI score 7.1 | EPSS 0.38262
Exploits 0 | References 4
Tenable Nessus
added 2020/07/02 12:00 a.m., 52 views

Debian DLA-2270-1 : jackson-databind security update

There were several CVEs reported against src:jackson-databind, which are as follows : CVE-2020-14060 FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool aka apache/drill...

CVSS 8.1 | AI score 7.2 | EPSS 0.09872
Exploits 0 | References 6
OSV
added 2020/07/01 12:00 a.m., 13 views

OSV-2020-516 Heap-buffer-overflow in hb_array_t<OT::IntType<unsigned short, 2u> const> hb_array_t<OT::IntType<unsigne

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18513 Crash type: Heap-buffer-overflow READ 2 Crash state: hbarrayt const hbarrayt ::copy ZN22hbserializecontextt5copyIN2OT14UnsizedArrayOfINS17IntTypeItLj2EEEEEJRj...

AI score 7.2
Exploits 0 | References 1
IBM Security Bulletins
added 2020/06/30 8:49 a.m., 48 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9.

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM License Metric Tool. These issues were disclosed as part of the IBM Java SDK updates in April 2020. Vulnerability Details CVEID: CVE-2020-2805 DESCRIPTION: An unspecified vulnerability in Java S...

CVSS 8.3 | AI score 1.8 | EPSS 0.02622
Exploits 0 | Affected Software 1
RedhatCVE
added 2020/06/19 12:25 p.m., 35 views

CVE-2020-14062

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigatio...

CVSS 6.8 | AI score 2.8 | EPSS 0.09872
Exploits 0 | References 3
RedhatCVE
added 2020/06/19 12:25 p.m., 30 views

CVE-2020-14061

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigatio...

CVSS 6.8 | AI score 2.6 | EPSS 0.06308
Exploits 0 | References 3
RedhatCVE
added 2020/06/19 12:25 p.m., 45 views

CVE-2020-14060

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation The following conditions a...

CVSS 6.8 | AI score 3.2 | EPSS 0.08934
Exploits 0 | References 3
RedhatCVE
added 2020/06/19 11:56 a.m., 38 views

CVE-2020-14195

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. FasterXML jackson-databind mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation Th...

CVSS 6.8 | AI score 2.8 | EPSS 0.09286
Exploits 0 | References 3
Github Security Blog
added 2020/06/18 2:44 p.m., 46 views

Deserialization of untrusted data in Jackson Databind

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and...

CVSS 8.1 | AI score 3.2 | EPSS 0.06308
Exploits 0 | References 13 | Affected Software 1
OSV
added 2020/06/18 2:44 p.m., 0 views

GHSA-MC6H-4QGP-37QH Deserialization of untrusted data in Jackson Databind

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory aka org.jsecurity...

CVSS 8.1 | AI score 7.1 | EPSS 0.09286
Exploits 0 | References 12
Github Security Blog
added 2020/06/18 2:44 p.m., 53 views

Deserialization of untrusted data in Jackson Databind

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory aka org.jsecurity...

CVSS 8.1 | AI score 3.2 | EPSS 0.09286
Exploits 0 | References 12 | Affected Software 1