82 matches found
Unity Linux 20.1070e Security Update: jackson-dataformats-binary (UTSA-2026-016707)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016707 advisory. This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation o...
EUVD-2021-2417
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2016-3720
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impa...
Linux Distros Unpatched Vulnerability : CVE-2016-7051
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side...
Linux Distros Unpatched Vulnerability : CVE-2020-28491
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked...
OPENSUSE-SU-2024:13151-1 jackson-dataformat-csv-2.15.2-1.1 on GA media
These are all security issues fixed in the jackson-dataformat-csv-2.15.2-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:11582-1 jackson-dataformat-cbor-2.13.0-1.1 on GA media
These are all security issues fixed in the jackson-dataformat-cbor-2.13.0-1.1 package on the GA media of openSUSE Tumbleweed...
Deserialization of Untrusted Data in apache-submarine
Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml https://nvd.nist.gov/vuln/detail/CVE-2022-1471 . Apache Submarine uses JAXRS to define REST endpoints. In order to handle YAML requests using application/yaml content-type, it defin...
CVE-2023-46302
Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml https://nvd.nist.gov/vuln/detail/CVE-2022-1471 . Apache Submarine uses JAXRS to define REST endpoints. In order to handle YAML requests using application/yaml content-type, it defin...
CVE-2023-46302
Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml https://nvd.nist.gov/vuln/detail/CVE-2022-1471 . Apache Submarine uses JAXRS to define REST endpoints. In order to handle YAML requests using application/yaml content-type, it defin...
Design/Logic Flaw
Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml https://nvd.nist.gov/vuln/detail/CVE-2022-1471 . Apache Submarine uses JAXRS to define REST endpoints. In order to handle YAML requests using application/yaml content-type, it defin...
PYSEC-2023-240
Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml https://nvd.nist.gov/vuln/detail/CVE-2022-1471 . Apache Submarine uses JAXRS to define REST endpoints. In order to handle YAML requests using application/yaml content-type, it defin...
CVE-2023-46302 Apache Submarine: Fix CVE-2022-1471 SnakeYaml unsafe deserialization
Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml https://nvd.nist.gov/vuln/detail/CVE-2022-1471 . Apache Submarine uses JAXRS to define REST endpoints. In order to handle YAML requests using application/yaml content-type, it defin...
CVE-2023-46302
CVE-2023-46302 affects Apache Submarine (0.7.0–0.8.0 pre-upgrade) where YAML deserialization in the YamlUtils.yaml processing path (SnakeYAML-based) can lead to remote code execution. The issue arises during unmarshalling of YAML requests via JAXRS endpoints using application/yaml content-type; t...
Denial Of Service (DoS)
com.fasterxml.jackson.dataformat:jackson-dataformat-toml is vulnerable to Denial of Service (DoS) attacks. The vulnerability is due to a lack of a max nesting depth; if the TOML parser is run on user-supplied input, an attacker is able to cause a stack overflow, resulting in an application crash...
com.arassec.igor:igor-spring-boot-starter (>=0.6.7 <=0.6.8), com.arassec.igor:igor-standalone (>=0.6.7 <=0.6.8) +211 more potentially affected by CVE-2023-3894 via com.fasterxml.jackson.dataformat:jackson-dataformat-toml (>=2.12.3 <=2.14.2)
com.fasterxml.jackson.dataformat:jackson-dataformat-toml MAVEN version =2.12.3, =0.6.7, =0.6.7, =0.6.7, =0.0.1, =0.18.3, =0.18.3, =0.18.3, =0.18.3, =0.18.3, =0.18.3, =2023.2, =1.1.6, =3.0.0-snapshot.20240126.12648.0.va9dc2d63, =3.0.0-snapshot.20240126.12648.0.va9dc2d63,...
SUSE CVE-2016-3720
XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors...
SUSE CVE-2020-28491
This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception...
Security Bulletin: Information disclosure in FasterXML Jackson Dataformats affect IBM Operations Analytics - Log Analysis (CVE-2020-28491)
Summary: FasterXML jackson-dataformat-cbor is susceptible to denial of service, caused by java.lang.OutOfMemoryError exception. Vulnerability Details: CVEID: CVE-2020-28491. DESCRIPTION: FasterXML jackson-dataformats-binary is vulnerable to a denial of service, caused by an unchecked allocation of by...
Moderate: Red Hat Security Advisory: OpenShift Logging bug fix and security update (5.1.9)
OpenShift Logging bug fix and security update 5.1.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...