Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

4220 matches found

OSV
OSVadded 2020/03/18 10:15 p.m.18 views

CVE-2020-10672

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory aka aries.transaction.jms...

8.8CVSS6.5AI score
Exploits0References8
OSV
OSVadded 2020/03/18 10:15 p.m.1 views

DEBIAN-CVE-2020-10672

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory aka aries.transaction.jms...

8.8CVSS6.9AI score0.39493EPSS
Exploits0References1
Prion
Prionadded 2020/03/18 10:15 p.m.26 views

Code injection

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef aka caucho-quercus...

6.8CVSS9AI score0.20898EPSS
Exploits0References8Affected Software30
OSV
OSVadded 2020/03/18 10:15 p.m.1 views

UBUNTU-CVE-2020-10672

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory aka aries.transaction.jms...

8.8CVSS6.9AI score0.39493EPSS
Exploits0References5
UbuntuCve
UbuntuCveadded 2020/03/18 10:15 p.m.28 views

CVE-2020-10673

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef aka caucho-quercus...

8.8CVSS6.9AI score0.20898EPSS
Exploits0References4
UbuntuCve
UbuntuCveadded 2020/03/18 10:15 p.m.31 views

CVE-2020-10672

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory aka aries.transaction.jms...

8.8CVSS6.9AI score0.39493EPSS
Exploits0References4
OSV
OSVadded 2020/03/18 10:15 p.m.0 views

UBUNTU-CVE-2020-10673

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef aka caucho-quercus...

8.8CVSS6.9AI score0.20898EPSS
Exploits0References5
Prion
Prionadded 2020/03/18 10:15 p.m.19 views

Design/Logic Flaw

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory aka aries.transaction.jms...

6.8CVSS9AI score0.39493EPSS
Exploits0References8Affected Software30
Cvelist
Cvelistadded 2020/03/18 9:17 p.m.31 views

CVE-2020-10672

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory aka aries.transaction.jms...

9.1AI score0.39493EPSS
Exploits0References8
CVE
CVEadded 2020/03/18 9:17 p.m.457 views

CVE-2020-10672

CVE-2020-10672 affects FasterXML jackson-databind 2.x prior to 2.9.10.4. The issue arises from deserialization gadget/typing interaction (related to org.apache. Aries transaction JMS XaPooledConnectionFactory), enabling high-severity impact on data confidentiality/integrity/availability. Connecte...

8.8CVSS8.3AI score0.39493EPSS
Exploits0References8Affected Software1
Debian CVE
Debian CVEadded 2020/03/18 9:17 p.m.33 views

CVE-2020-10672

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory aka aries.transaction.jms...

8.8CVSS8.4AI score0.39493EPSS
Exploits0
Vulnrichment
Vulnrichmentadded 2020/03/18 9:17 p.m.28 views

CVE-2020-10672

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory aka aries.transaction.jms...

6.7AI score0.39493EPSS
Exploits0References8
Debian CVE
Debian CVEadded 2020/03/18 9:17 p.m.30 views

CVE-2020-10673

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef aka caucho-quercus...

8.8CVSS8.4AI score0.20898EPSS
Exploits0
CVE
CVEadded 2020/03/18 9:17 p.m.426 views

CVE-2020-10673

CVE-2020-10673 affects FasterXML jackson-databind 2.x prior to 2.9.10.4. The IBM bulletin and the consolidated Jira/Advisory in connected docs describe a deserialization issue where interaction between serialization gadgets and typing (related to com.caucho.config.types.ResourceRef, aka caucho-qu...

8.8CVSS8.3AI score0.20898EPSS
Exploits0References8Affected Software1
Vulnrichment
Vulnrichmentadded 2020/03/18 9:17 p.m.21 views

CVE-2020-10673

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef aka caucho-quercus...

6.7AI score0.20898EPSS
Exploits0References8
Cvelist
Cvelistadded 2020/03/18 9:17 p.m.21 views

CVE-2020-10673

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef aka caucho-quercus...

9.1AI score0.20898EPSS
Exploits0References8
RedHat Linux
RedHat Linuxadded 2020/03/18 5:36 p.m.4 views

jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariConfig gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...

9.8CVSS7AI score0.06454EPSS
Exploits1References4
RedHat Linux
RedHat Linuxadded 2020/03/18 5:36 p.m.3 views

jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the log4j-extra gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...

9.8CVSS7.4AI score0.01223EPSS
Exploits0References4
Tenable Nessus
Tenable Nessusadded 2020/03/18 12:0 a.m.40 views

RHEL 6 : java-1.8.0-ibm (RHSA-2020:0856)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0856 advisory. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE ...

8.1CVSS6.9AI score0.01699EPSS
Exploits0References10
RedHat Linux
RedHat Linuxadded 2020/03/17 1:11 p.m.73 views

Important: Red Hat Security Advisory: java-1.8.0-ibm security update

An update for java-1.8.0-ibm is now available for Red Hat Satellite 5.8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

8.1CVSS6.7AI score0.01699EPSS
Exploits0References5
Rows per page
Query Builder