Lucene search
K

26 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 4:9 a.m.7 views

SUSE CVE-2019-14439

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the logback jar in the classpath...

7.5CVSS8.8AI score0.10763EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/22 7:59 p.m.49 views

Security Bulletin: Jackson-databind vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-14439, CVE-2019-14379)

Summary Jackson-databind is vulnerable to a remote attacker obtaining sensitive information or executing arbitrary code on the system which affects IBM Spectrum Control formerly Tivoli Storage Productivity Center. Vulnerability Details CVE-ID: CVE-2019-14439 Description: FasterXML jackson-databin...

9.8CVSS9.4AI score0.10763EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.35 views

Mageia: Security Advisory (MGASA-2021-0153)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.5AI score0.45205EPSS
Exploits10References17
Mageia
Mageia
added 2021/03/27 2:27 p.m.220 views

Updated jackson-databind packages fix security vulnerabilities

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint, the service has the mysql-connector-java jar 8.0.14 or earlier in the classpath, and an...

9.8CVSS1.3AI score0.45205EPSS
Exploits10References15
Ubuntu
Ubuntu
added 2021/03/15 9:47 p.m.83 views

USN-4813-1: Jackson Databind vulnerabilities

It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to obtain sensitive information. CVE-2018-11307, CVE-2019-12086, CVE-2019-12814 It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could...

10CVSS7.4AI score0.45205EPSS
Exploits10
IBM Security Bulletins
IBM Security Bulletins
added 2020/02/13 3:2 a.m.37 views

Security Bulletin: Vulnerabilities affect IBM Network Performance Insight (CVE-2019-14379, CVE-2019-17531, CVE-2019-14439 and CVE-2019-14540)

Summary IBM Network Performance Insight has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-14379 DESCRIPTION: SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used because of...

9.8CVSS0.3AI score0.10763EPSS
Exploits1Affected Software1
OpenVAS
OpenVAS
added 2020/01/09 12:0 a.m.60 views

Fedora Update for jackson-databind FEDORA-2019-99ff6aa32c

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS8.3AI score0.45205EPSS
Exploits4References2
OpenVAS
OpenVAS
added 2020/01/09 12:0 a.m.278 views

Fedora Update for jackson-core FEDORA-2019-99ff6aa32c

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS8.3AI score0.45205EPSS
Exploits4References2
IBM Security Bulletins
IBM Security Bulletins
added 2019/12/20 8:47 a.m.39 views

Security Bulletin: Netcool Operations Insight - Cloud Native Event Analytics is affected by a FasterXML jackson-databind vulnerability (CVE-2019-14439)

Summary Netcool Operations Insight - Cloud Native Event Analytics has addressed the following vulnerability in FasterXML jackson-databind Vulnerability Details CVEID: CVE-2019-14439 DESCRIPTION: A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occur...

7.5CVSS0.8AI score0.10763EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2019/10/24 9:18 a.m.125 views

Moderate: Red Hat Security Advisory: Red Hat AMQ Streams 1.3.0 release and security update

Red Hat AMQ Streams 1.3.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

9.8CVSS7.4AI score0.45205EPSS
Exploits5References13
IBM Security Bulletins
IBM Security Bulletins
added 2019/10/22 7:37 a.m.44 views

Security Bulletin: Multiple vulnerabilities in jackson-databind affect IBM Platform Symphony and IBM Spectrum Symphony

Summary Multiple vulnerabilities exist in the Jackson databind, core, and annotations version used by IBM Spectrum Symphony V7.2.1, V7.2.0.2, and V7.1.2, and IBM Platform Symphony V7.1.1 and V7.1 Fix Pack 1. Interim fixes that provide instructions on upgrading the Jackson databind, core, and...

9.8CVSS1.2AI score0.10951EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2019/10/21 4:12 p.m.26 views

Security Bulletin: IBM Event Streams is affected by jackson-databind vulnerabilities

Summary IBM Event Streams has addressed the following vulnerabilities in the jackson-databind versions shipped. Vulnerability Details CVEID: CVE-2019-12814 DESCRIPTION: FasterXML jackson-databind could allow a remote attacker to obtain sensitive information, caused by a polymorphic typing issue. ...

9.8CVSS1.1AI score0.10951EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/10/21 12:0 a.m.52 views

Oracle Primavera Unifier Multiple Vulnerabilities (Oct 2019 CPU)

According to its self-reported version number, the Oracle Primavera Unifier installation running on the remote web server is 16.1.x or 16.2.x prior to 16.2.15.10, or 17.7.x through 17.12.x prior to 17.12.11.1, or 18.8.x prior to 18.8.13.0. It is, therefore, affected by multiple vulnerabilities: -...

9.8CVSS7.6AI score0.87218EPSS
Exploits9References6
Tenable Nessus
Tenable Nessus
added 2019/10/07 12:0 a.m.73 views

Debian DSA-4542-1 : jackson-databind - security update

It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, did not properly validate user input before attempting deserialization. This allowed an attacker providing maliciously crafted input to perform code execution, or read arbitrary files on the server....

9.8CVSS7.4AI score0.45205EPSS
Exploits3References14
Debian
Debian
added 2019/10/06 8:28 a.m.110 views

[SECURITY] [DSA 4542-1] jackson-databind security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4542-1 [email protected] https://www.debian.org/security/ Sebastien Delafond October 06, 2019 https://www.debian.org/security/faq -...

9.8CVSS8.9AI score0.45205EPSS
Exploits3
Debian
Debian
added 2019/10/06 8:28 a.m.56 views

[SECURITY] [DSA 4542-1] jackson-databind security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4542-1 [email protected] https://www.debian.org/security/ Sebastien Delafond October 06, 2019 https://www.debian.org/security/faq -...

7.5CVSS3.4AI score0.45205EPSS
Exploits3
OpenVAS
OpenVAS
added 2019/09/23 12:0 a.m.75 views

Fedora Update for jackson-databind FEDORA-2019-fb23eccc03

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

10CVSS8.5AI score0.45205EPSS
Exploits4References2
OpenVAS
OpenVAS
added 2019/09/23 12:0 a.m.41 views

Fedora Update for jackson-bom FEDORA-2019-ae6a703b8f

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS8.3AI score0.45205EPSS
Exploits4References2
OpenVAS
OpenVAS
added 2019/09/23 12:0 a.m.45 views

Fedora Update for jackson-core FEDORA-2019-fb23eccc03

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS8.3AI score0.45205EPSS
Exploits4References2
Debian
Debian
added 2019/08/12 10:19 p.m.91 views

[SECURITY] [DLA 1879-1] jackson-databind security update

Package : jackson-databind Version : 2.4.2-2+deb8u8 CVE ID : CVE-2019-14379 CVE-2019-14439 Debian Bug : 933393 Deserialization flaws were discovered in jackson-databind relating to EHCache and logback/jndi, which could allow an unauthenticated user to perform remote code execution. The issue was...

9.8CVSS7.1AI score0.10763EPSS
Exploits0
Rows per page
Query Builder