112 matches found

AstraLinux
added 2026/06/19 11:10 a.m., 6 views

Astra Linux – Vulnerability in libjackson-json-java

A deserialization flaw was discovered in the Jackson-Databind library in versions prior to 2.8.10 and 2.9.1. This flaw could allow an unauthenticated user to execute arbitrary code by sending maliciously crafted input to the readValue method of the ObjectMapper class. This issue extends the...

CVSS 9.8, AI score 7.9, EPSS 0.08411
Exploits 2, References 1

EUVD
added 2025/10/07 12:30 a.m., 7 views

EUVD-2018-0610

Malware in sbrugna...

CVSS 9.8, AI score 7.6, EPSS 0.08411
Exploits 2, References 46

EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2022-3473

Malicious code in bioql PyPI...

CVSS 9.8, AI score 8, EPSS 0.05175
Exploits 0, References 23

Tenable Nessus
added 2025/04/29 12:0 a.m., 14 views

RHEL 7 : rh-eclipse46-jackson-databind (RHSA-2017:1839)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:1839 advisory. The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Security Fixe...

CVSS 9.8, AI score 8.1, EPSS 0.37925
Exploits 7, References 4

IBM Security Bulletins
added 2024/09/18 4:36 p.m., 25 views

Security Bulletin: Vulnerabilities in jackson-databind affect IBM watsonx.data

Summary FasterXML jackson-databind has multiple vulnerabilities including the possibility of remote attackers executing arbitrary code on the system. These can affect IBM watsonx.data. Vulnerability Details CVEID:CVE-2017-15095 DESCRIPTION: Jackson Library could allow a remote attacker to execute...

CVSS 10, AI score 9, EPSS 0.49727
Exploits 7, Affected Software 1

Tenable Nessus
added 2024/05/11 12:0 a.m., 41 views

RHEL 7 : jackson-databind (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper CVE-2017-7525 - A...

AI score 9.8, EPSS 0.49727
Exploits 7, References 3

IBM Security Bulletins
added 2023/06/07 10:53 a.m., 25 views

Security Bulletin: IBM QRadar User Behavior Analytics is vulnerable to components with known vulnerabilities

Summary IBM QRadar User Behavior Analytics contains vulnerable packages/components that may be identified and potentially exploited. The packages have been updated in the latest release and the vulnerabilities identified in the CVEs have been addressed. Please follow the instructions in the...

CVSS 9.8, AI score 9.6, EPSS 0.99615
Exploits 21, Affected Software 1

F5 Networks
added 2023/02/21 6:55 p.m., 91 views

K65417229: Apache Struts vulnerability CVE-2017-7525

Security Advisory Description A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper...

CVSS 9.8, AI score 8.3, EPSS 0.37925
Exploits 7

IBM Security Bulletins
added 2022/09/15 7:26 p.m., 43 views

Security Bulletin: Remote code execution vulnerability within Jackson JSON library affects IBM Business Process Manager (CVE-2017-7525)

Summary Due to a deserialization flaw within the Jackson JSON library, IBM Business Process Manager is vulnerable to a remote code execution vulnerability. Vulnerability Details CVEID: CVE-2017-7525 DESCRIPTION: A deserialization flaw within the Jackson JSON library in the readValue method of the...

CVSS 9.8, AI score 9.6, EPSS 0.37925
Exploits 7, Affected Software 4

IBM Security Bulletins
added 2022/04/12 10:52 p.m., 52 views

Security Bulletin: Multiple Vulnerabilities in Jackson Core affect IBM Maximo Asset Management

Summary Multiple Vulnerabilities in Jackson Core affect IBM Maximo Asset Management Vulnerability Details CVEID: CVE-2016-7051 DESCRIPTION: jackson-dataformat-xml is vulnerable to server-side request forgery, caused by a flaw in the XmlMapper. By using vectors related to a DTD, an attacker could...

CVSS 9.8, AI score 2.1, EPSS 0.49727
Exploits 7, Affected Software 19

IBM Security Bulletins
added 2022/03/03 5:16 p.m., 50 views

Security Bulletin: IBM InfoSphere Change Data Capture is affected by a Jackson 2.3.3 and 2.4.4 open source library vulnerabilities

Summary IBM Data Replication has addressed the following vulnerabilities: CVE-2017-17485 CVE-2018-5968 CVE-2017-15095 CVE-2017-7525 CVE-2018-7489 Vulnerability Details CVEID: CVE-2017-17485 DESCRIPTION: Jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused...

CVSS 9.8, AI score 9.7, EPSS 0.49727
Exploits 7, Affected Software 1

OpenVAS
added 2022/01/28 12:0 a.m., 28 views

Mageia: Security Advisory (MGASA-2017-0255)

The remote host is missing an update for the...

CVSS 9.8, AI score 9.3, EPSS 0.37925
Exploits 7, References 4

Tenable Nessus
added 2021/03/12 12:0 a.m., 68 views

JFrog < 7.8.1 Multiple Vulnerabilities

According to its self-reported version number, the version of JFrog Artifactory installed on the remote host is prior to 7.8.1. It is, therefore, affected by multiple vulnerabilities: - A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could...

CVSS 9.8, AI score 7.4, EPSS 0.49727
Exploits 7, References 4

OpenVAS
added 2020/08/25 12:0 a.m., 40 views

Debian: Security Advisory (DLA-2342-1)

The remote host is missing an update for the Debian...

CVSS 9.8, AI score 8.9, EPSS 0.37925
Exploits 7, References 4

Tenable Nessus
added 2020/08/25 12:0 a.m., 232 views

Debian DLA-2342-1 : libjackson-json-java security update

Several vulnerabilities were fixed in libjackson-json-java, a Java JSON processor. CVE-2017-7525 Jackson Deserializer security vulnerability. CVE-2017-15095 Block more JDK types from polymorphic deserialization. CVE-2019-10172 XML external entity vulnerabilities. For Debian 9 stretch, these...

CVSS 9.8, AI score 7.5, EPSS 0.37925
Exploits 7, References 5

Debian
added 2020/08/24 9:26 a.m., 54 views

[SECURITY] [DLA 2342-1] libjackson-json-java security update

Debian LTS Advisory DLA-2342-1, https://www.debian.org/lts/security/, August 24, 2020, https://wiki.debian.org/LTS. Package...

CVSS 9.8, AI score 9.4, EPSS 0.37925
Exploits 7

GitHub Security Blog
added 2020/06/30 8:40 p.m., 182 views

Deserialization of Untrusted Data in jackson-databind

FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist...

CVSS 8.1, AI score 5, EPSS 0.07008
Exploits 0, References 18, Affected Software 1

OpenVAS
added 2020/05/26 12:0 a.m., 50 views

Huawei Data Communication: RCE Vulnerability in Jackson JSON library of Apache Struts2 (huawei-sa-20180228-01-struts)

Apache Struts2 released a remote code execution (RCE) vulnerability in S2-055 on the official website. This VT has been deprecated and is therefore no longer functional...

CVSS 9.8, AI score 9.6, EPSS 0.37925
Exploits 7, References 1

OpenVAS
added 2020/02/01 12:0 a.m., 87 views

Debian: Security Advisory (DLA-2091-1)

The remote host is missing an update for the Debian...

CVSS 9.8, AI score 9.2, EPSS 0.37925
Exploits 7, References 3

Debian
added 2020/01/31 9:51 p.m., 160 views

[SECURITY] [DLA 2091-1] libjackson-json-java security update

Package : libjackson-json-java Version : 1.9.2-3+deb8u1 CVE ID : CVE-2017-7525 CVE-2017-15095 CVE-2019-10172 Several vulnerabilities were fixed in libjackson-json-java. CVE-2017-7525 Jackson Deserializer security vulnerability. CVE-2017-15095 Block more JDK types from polymorphic deserialization...

CVSS 9.8, AI score 9.4, EPSS 0.37925
Exploits 7