51 matches found
Security Bulletin: CVEs addressed in latest release of Cloudera Observability
Summary Common Vulnerabilities addressed by Cloudera Observability 3.6.2 Vulnerability Details CVEID:CVE-2021-20190 DESCRIPTION: A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this...
Alibaba Cloud Linux 3 : 0020: pki-core:10.6 (ALINUX3-SA-2021:0020)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2021:0020 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-12086: A Polymorphic Typing issue...
Ubuntu 16.04 ESM : Jackson Databind vulnerabilities (USN-4813-1)
The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4813-1 advisory. It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to obtain sensitive information...
Mageia: Security Advisory (MGASA-2021-0153)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2019-12086
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint, the service has the mysql-connector-java jar 8.0.14 or earlier in the classpath, and an...
Updated jackson-databind packages fix security vulnerabilities
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint, the service has the mysql-connector-java jar 8.0.14 or earlier in the classpath, and an...
USN-4813-1: Jackson Databind vulnerabilities
It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to obtain sensitive information. CVE-2018-11307, CVE-2019-12086, CVE-2019-12814 It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could...
FreeBSD : Payara -- A Polymorphic Typing issue in FasterXML jackson-databind (bd159669-0808-11eb-a3a4-0019dbb15b3f)
Payara Releases reports : The following is a list of tracked Common Vulnerabilities and Exposures that have been reported and analyzed, which can or have impacted Payara Server across releases : - CVE-2019-12086 A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before...
Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)
Summary There are multiple vulnerabilities identified in IBM Guardium Data Encryption GDE .These vulnerabilities have been fixed in GDE 4.0.0.3. Please apply the latest version for the fixes. Vulnerability Details CVEID: CVE-2019-4697 DESCRIPTION: IBM Guardium Data Encryption GDE stores user...
Important: Red Hat Security Advisory: Red Hat Fuse 7.7.0 release and security update
A minor version update from 7.6 to 7.7 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...
Security Bulletin: Multiple vulnerabilities in Open Source used in IBM Cloud Pak System
Summary Multiple vulnerabilities identified in Open Source used in IBM Cloud Pak System. IBM Cloud Pak System addressed vulnerabilities. Vulnerability Details CVEID: CVE-2018-11771 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by the failure to return the corre...
Exploit for Deserialization of Untrusted Data in Fasterxml Jackson-Databind
Document Description CVE-2019-12086 Jackson Unserialization...
Fedora Update for jackson-core FEDORA-2019-99ff6aa32c
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora Update for jackson-databind FEDORA-2019-99ff6aa32c
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Moderate: Red Hat Security Advisory: Red Hat AMQ Streams 1.3.0 release and security update
Red Hat AMQ Streams 1.3.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
Oracle Primavera Unifier Multiple Vulnerabilities (Oct 2019 CPU)
According to its self-reported version number, the Oracle Primavera Unifier installation running on the remote web server is 16.1.x or 16.2.x prior to 16.2.15.10, or 17.7.x through 17.12.x prior to 17.12.11.1, or 18.8.x prior to 18.8.13.0. It is, therefore, affected by multiple vulnerabilities: -...
Important: Red Hat Security Advisory: OpenShift Container Platform logging-elasticsearch5-container security update
An update for logging-elasticsearch5-container is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Oracle Primavera Gateway Multiple Vulnerabilities (Oct 2019 CPU)
According to its self-reported version number, the Oracle Primavera Gateway installation running on the remote web server is 15.x prior to 15.2.17, 16.x prior to 16.2.10, 17.x prior to 17.12.5, or 18.x prior to 18.8.7. It is, therefore, affected by multiple vulnerabilities: - An arbitrary file re...
RHEL 7 : Red Hat Single Sign-On 7.3.4 security update on RHEL 7 (Important) (RHSA-2019:3045)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3045 advisory. Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...
RHEL 6 : Red Hat Single Sign-On 7.3.4 security update on RHEL 6 (Important) (RHSA-2019:3044)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3044 advisory. Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...