891 matches found
CVE-2020-8840
FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter...
CVE-2020-8840
CVE-2020-8840 affects FasterXML jackson-databind 2.0.0–2.9.10.2, where missing blocking of xbean-reflect/JNDI chains (notably org.apache.xbean.propertyeditor.JndiConverter) enables JNDI injection leading to remote code execution. Affected component is jackson-databind’s deserialization path; impa...
PT-2020-5725 · Fasterxml +8 · Jackson-Databind +8
Name of the Vulnerable Software and Affected Versions: FasterXML jackson-databind versions 2.0.0 through 2.9.10.2; FasterXML jackson-databind 2.x before 2.6.7.4; FasterXML jackson-databind 2.7.x before 2.7.9.7; FasterXML jackson-databind 2.8.x before 2.8.11.5; FasterXML jackson-databind 2.9.x before...
PT-2020-3307 · Oracle +10 · Communications Contacts Server +36
Name of the Vulnerable Software and Affected Versions: FasterXML jackson-databind versions 2.x before 2.9.10.4; Oracle WebLogic Server, affected versions not specified; Oracle Retail Xstore Point of Service, affected versions not specified; Oracle Retail Service Backbone, affected versions not specifie...
FasterXML Jackson jackson-databind code issue vulnerability
FasterXML Jackson is a set of Java data processing tools from the U.S. company FasterXML. jackson-databind is one of its components, providing data binding capabilities. A code issue vulnerability exists in version 2.x of FasterXML jackson-databind prior to 2.9.10.2. The vulnerability stems from an improperly...
PT-2020-5476 · Fasterxml +4 · Jackson-Databind +4
Name of the Vulnerable Software and Affected Versions: FasterXML jackson-databind versions 2.x before 2.9.10.4. Description: The issue is related to the restoration of untrusted data in memory, potentially allowing a remote attacker to impact the confidentiality, integrity, and availability of...
PT-2020-5468 · Fasterxml +3 · Jackson-Databind +3
Name of the Vulnerable Software and Affected Versions: FasterXML jackson-databind versions 2.x prior to 2.9.10.4. Description: The issue is related to the interaction between serialization gadgets and typing in the FasterXML jackson-databind library, specifically with the...
Oracle Primavera Unifier Multiple Vulnerabilities (Jan 2020 CPU)
According to its self-reported version number, the Oracle Primavera Unifier installation running on the remote web server is 16.1.x or 16.2.x prior to 16.2.16.0, or 17.7.x through 17.12.x prior to 17.12.11.2, or 18.8.x prior to 18.8.15, or 19.12.x prior to 19.12.0.1. It is, therefore, affected by...
Security Bulletin: Security vulnerabilities affect IBM Cloud Object Storage SDK Java (November 2019 Bulletin)
Summary: Security vulnerabilities affect IBM Cloud Object Storage SDK Java. These vulnerabilities have been addressed in the latest SDK 2.5.5 release. Vulnerability Details: CVEID: CVE-2019-16335. DESCRIPTION: A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It ...
Oracle Primavera Gateway Multiple Vulnerabilities (Jan 2020 CPU)
According to its self-reported version number, the Oracle Primavera Gateway installation running on the remote web server is 15.x prior to 15.2.18, 16.x prior to 16.2.11, 17.x prior to 17.12.6, or 18.x prior to 18.8.8.1. It is, therefore, affected by multiple vulnerabilities, including the...
FasterXML Jackson-databind CVE-2019-14540 Information Disclosure Vulnerability
Description: FasterXML Jackson-databind is prone to an information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. FasterXML jackson-databind versions prior to 2.9.10 are vulnerable. Technologies Affected: FasterXML...
CVE-2019-20330
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking...
Design/Logic Flaw
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking...
CVE-2019-20330
CVE-2019-20330 affects FasterXML jackson-databind 2.x before 2.9.10.2, which lacks blocking for net.sf.ehcache in deserialization. This is a deserialization-side issue with high–critical impact potential; remediation is to upgrade to jackson-databind 2.9.10.2 or newer as indicated by connected IB...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in FasterXML jackson-databind
Summary: IBM Watson Discovery for IBM Cloud Pak for Data is shipped with versions of FasterXML jackson-databind vulnerable to serialization gadgets. Vulnerability Details: CVEID: CVE-2019-16335. DESCRIPTION: A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is...