112 matches found
Astra Linux – Vulnerability in libjackson-json-java
A deserialization flaw was discovered in the Jackson-Databind library in versions prior to 2.8.10 and 2.9.1. This flaw could allow an unauthenticated user to execute arbitrary code by sending maliciously crafted input to the readValue method of the ObjectMapper class. This issue extends the...
EUVD-2018-0610
Malware in sbrugna...
EUVD-2022-3473
Malicious code in bioql PyPI...
RHEL 7 : rh-eclipse46-jackson-databind (RHSA-2017:1839)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:1839 advisory. The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Security Fixe...
Security Bulletin: Vulnerabilities in jackson-databind affect IBM watsonx.data
Summary FasterXML jackson-databind has multiple vulnerabilities including the possibility of remote attackers executing arbitrary code on the system. These can affect IBM watsonx.data. Vulnerability Details CVEID:CVE-2017-15095 DESCRIPTION: Jackson Library could allow a remote attacker to execute...
RHEL 7 : jackson-databind (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper CVE-2017-7525 - A...
Security Bulletin: IBM QRadar User Behavior Analytics is vulnerable to components with known vulnerabilities
Summary IBM QRadar User Behavior Analytics contains vulnerable packages/components and that may be identified and potentially exploited. The packages have been updated in the latest release and the vulnerabilities identified in the CVEs have been addressed. Please follow the instructions in the...
K65417229: Apache Struts vulnerability CVE-2017-7525
Security Advisory Description A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper...
Security Bulletin: Remote code execution vulnerability within Jackson JSON library affects IBM Business Process Manager (CVE-2017-7525)
Summary Due to a deserialization flaw withinin Jackson JSON library IBM Business Process Manager is vulnerable to a remote code execution vulnerability. Vulnerability Details CVEID: CVE-2017-7525 DESCRIPTION: A deserialization flaw within the Jackson JSON library in the readValue method of the...
Security Bulletin: Multiple Vulnerabilities in Jackson Core affect IBM Maximo Asset Management
Summary Multiple Vulnerabilities in Jackson Core affect IBM Maximo Asset Management Vulnerability Details CVEID: CVE-2016-7051 DESCRIPTION: jackson-dataformat-xml is vulnerable to server-side request forgery, caused by a flaw in the XmlMapper. By using vectors related to a DTD, an attacker could...
Security Bulletin: IBM InfoSphere Change Data Capture is affected by a Jackson 2.3.3 and 2.4.4 open source library vulnerabilities
Summary IBM Data Replication has addressed the following vulnerabilities: CVE-2017-17485 CVE-2018-5968 CVE-2017-15095 CVE-2017-7525 CVE-2018-7489 Vulnerability Details CVEID: CVE-2017-17485 DESCRIPTION: Jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused...
Mageia: Security Advisory (MGASA-2017-0255)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
JFrog < 7.8.1 Multiple Vulnerabilities
According to its self-reported version number, the version of JFrog Artifactory installed on the remote host is prior to 7.8.1. It is, therefore, affected by multiple vulnerabilities: - A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could...
Debian: Security Advisory (DLA-2342-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-2342-1 : libjackson-json-java security update
Several vulnerabilities were fixed in libjackson-json-java, a Java JSON processor. CVE-2017-7525 Jackson Deserializer security vulnerability. CVE-2017-15095 Block more JDK types from polymorphic deserialization. CVE-2019-10172 XML external entity vulnerabilities. For Debian 9 stretch, these...
[SECURITY] [DLA 2342-1] libjackson-json-java security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2342-1 [email protected] https://www.debian.org/lts/security/ August 24, 2020 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package...
Deserialization of Untrusted Data in jackson-databind
FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist...
Huawei Data Communication: RCE Vulnerability in Jackson JSON library of Apache Struts2 (huawei-sa-20180228-01-struts)
Apache Struts2 released a remote code execution RCE vulnerability in S2-055 on the official website. This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright ...
Debian: Security Advisory (DLA-2091-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2091-1] libjackson-json-java security update
Package : libjackson-json-java Version : 1.9.2-3+deb8u1 CVE ID : CVE-2017-7525 CVE-2017-15095 CVE-2019-10172 Several vulnerabilities were fixed in libjackson-json-java. CVE-2017-7525 Jackson Deserializer security vulnerability. CVE-2017-15095 Block more JDK types from polymorphic deserialization...