891 matches found
CVE-2020-25649
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity...
Xxe
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity...
CVE-2020-25649
The CVE-2020-25649 entry concerns a flaw in FasterXML Jackson Databind where entity expansion was not properly secured, enabling XML External Entity (XXE) attacks. This is a data-integrity risk. Connected advisories consistently associate the issue with Jackson Databind and XXE, and several sourc...
The vulnerability of the org.jsecurity component in the Jackson-databind library of the FasterXML project allows a hacker to execute arbitrary code.
The vulnerability of the org.jsecurity component in the Jackson-databind library of the FasterXML project is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability could allow an attacker operating remotely to execute arbitrary code on the target system...
Security Bulletin: Netcool Operations Insight component IBM Network Performance Insight 1.3.1 affected by CVE-2020-14195
Summary: Netcool Operations Insight component IBM Network Performance Insight 1.3.1 affected by CVE-2020-14195. Vulnerability Details: CVEID: CVE-2020-14195. DESCRIPTION: FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe...
Security Bulletin: Netcool Operations Insight component IBM Network Performance Insight 1.3.1 affected by CVE-2020-14062
Summary: Netcool Operations Insight component IBM Network Performance Insight 1.3.1 affected by CVE-2020-14062. Vulnerability Details: CVEID: CVE-2020-14062. DESCRIPTION: FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe...
The vulnerability of the weblogic/oracle-aqjms component of the Jackson-databind library in the FasterXML project allows an attacker to execute arbitrary code.
The vulnerability of the weblogic/oracle-aqjms component of the Jackson-databind library in the FasterXML project is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
CVE-2020-25649
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity. Mitigation: There is currently no known mitigation for this flaw...
FreeBSD : Payara -- A Polymorphic Typing issue in FasterXML jackson-databind (bd159669-0808-11eb-a3a4-0019dbb15b3f)
Payara Releases reports: The following is a list of tracked Common Vulnerabilities and Exposures that have been reported and analyzed, which can or have impacted Payara Server across releases: - CVE-2019-12086 A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before...
The vulnerability of the Jackson-databind library in the FasterXML project, related to the restoration of unreliable data structures in memory, allows attackers to execute arbitrary code.
The vulnerability of the Jackson-databind library in the FasterXML project is related to the restoration of unreliable data structures in memory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute arbitrary code...
The vulnerability of the spring-aop component of the Jackson-databind library in the FasterXML project allows a hacker to execute arbitrary code.
The vulnerability of the spring-aop component of the Jackson-databind library in the FasterXML project is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code on the target system...
CVE-2020-24750
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration...
Design/Logic Flaw
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration...
CVE-2020-24750
CVE-2020-24750 affects FasterXML jackson-databind 2.x prior to 2.9.10.6, where the interaction between serialization gadgets and typing is mishandled (CWE-502). This deserialization flaw could enable exploitation via untrusted data; the connected IBM/Cloudera doc confirms the CVE entry but does n...