CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

891 matches found

CVE•added 2019/06/24 3:34 p.m.•903 views

CVE-2019-12384

CVE-2019-12384 affects FasterXML jackson-databind 2.x (pre-2.9.9.1) where failure to block logback-core in polymorphic deserialization can enable remote code execution depending on classpath contents. The Connected IBM documents corroborate broader jet deserialization gadget vulnerabilities in ja...

5.9CVSS8AI score0.51266EPSS

Exploits2References45Affected Software1

Debian CVE•added 2019/06/24 3:34 p.m.•32 views

CVE-2019-12384

FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible...

5.9CVSS8.3AI score0.51266EPSS

Exploits2

Cvelist•added 2019/06/24 3:34 p.m.•21 views

CVE-2019-12384

8AI score0.51266EPSS

Exploits2References45

CNVD•added 2019/06/21 12:0 a.m.•1 views

FasterXML jackson-databind information disclosure vulnerability (CNVD-2019-41724)

FasterXML Jackson is a U.S. FasterXML company for Java data processing tools . jackson-databind is one of the components with data binding capabilities . An information disclosure vulnerability exists in FasterXML jackson-databind. An attacker could exploit the vulnerability to obtain sensitive...

5.9CVSS7.9AI score0.18064EPSS

Exploits0References1

OSV•added 2019/06/19 2:15 p.m.•31 views

CVE-2019-12814

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specificall...

5.9CVSS5.6AI score

Exploits0References55

NVD•added 2019/06/19 2:15 p.m.•14 views

CVE-2019-12814

5.9CVSS7.3AI score0.18064EPSS

Exploits0References55

UbuntuCve•added 2019/06/19 2:15 p.m.•25 views

CVE-2019-12814

5.9CVSS6.9AI score0.18064EPSS

Exploits0References4

CVE•added 2019/06/19 1:24 p.m.•309 views

CVE-2019-12814

CVE-2019-12814 is detailed in an IBM security bulletin related to Cloudera Observability on Premises (IBM) 3.5.3. The flaw stems from a polymorphic-typing deserialization issue in FasterXML jackson-databind 2.x up to 2.9.9. When Default Typing is enabled for an externally exposed JSON endpoint an...

5.9CVSS7.3AI score0.18064EPSS

Exploits0References55Affected Software1

Cvelist•added 2019/06/19 1:24 p.m.•25 views

CVE-2019-12814

7.3AI score0.18064EPSS

Exploits0References55

Debian CVE•added 2019/06/19 1:24 p.m.•24 views

CVE-2019-12814

5.9CVSS7.5AI score0.18064EPSS

Exploits0

Symantec•added 2019/06/19 12:0 a.m.•83 views

FasterXML Jackson-databind CVE-2019-12814 Information Disclosure Vulnerability

Description FasterXML Jackson-databind is prone to an information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. FasterXML jackson-databind versions 2.x through 2.9.9 are vulnerable. Technologies Affected FasterXML...

4.3CVSS0.6AI score0.18064EPSS

Exploits0References1Affected Software12

IBM Security Bulletins•added 2019/06/12 11:40 p.m.•26 views

Security Bulletin: Vulnerability affects IBM Cloud Object Storage SDK Java (June 2019)

Summary Vulnerability affects IBM Cloud Object Storage SDK Java. It has been addressed in the latest SDK Java release. Vulnerability Details CVE-ID: CVE-2019-12086 Description: FasterXML jackson-databind could allow a remote attacker to obtain sensitive information, caused by a Polymorphic Typing...

7.5CVSS0.7AI score0.15179EPSS

Exploits2Affected Software1

Github Security Blog•added 2019/05/23 9:32 a.m.•123 views

Information exposure in FasterXML jackson-databind

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint, the service has the mysql-connector-java jar 8.0.14 or earlier in the classpath, and an...

7.5CVSS1.2AI score0.15179EPSS

Exploits2References46Affected Software1

Prion•added 2019/05/17 5:29 p.m.•27 views

Design/Logic Flaw

5CVSS8AI score0.15179EPSS

Exploits2References41Affected Software2

NVD•added 2019/05/17 5:29 p.m.•24 views

CVE-2019-12086

7.5CVSS8.2AI score0.15179EPSS

Exploits2References41

OSV•added 2019/05/17 5:29 p.m.•21 views

CVE-2019-12086

7.5CVSS7.3AI score

Exploits0References41

CVE•added 2019/05/17 4:57 p.m.•352 views

CVE-2019-12086

CVE-2019-12086 involves a polymorphic typing issue in FasterXML jackson-databind 2.x prior to 2.9.9. When Default Typing is enabled for an externally exposed JSON endpoint and a victim service has mysql-connector-java (8.0.14 or earlier) on the classpath, an attacker can send a crafted JSON to re...

7.5CVSS8.2AI score0.15179EPSS

Exploits2References41Affected Software1

Cvelist•added 2019/05/17 4:57 p.m.•25 views

CVE-2019-12086

8.2AI score0.15179EPSS

Exploits2References41

Debian CVE•added 2019/05/17 4:57 p.m.•42 views

CVE-2019-12086

7.5CVSS7.6AI score0.15179EPSS

Exploits2

FreeBSD•added 2019/05/17 12:0 a.m.•45 views

Payara -- A Polymorphic Typing issue in FasterXML jackson-databind

Payara Releases reports: The following is a list of tracked Common Vulnerabilities and Exposures that have been reported and analyzed, which can or have impacted Payara Server across releases: CVE-2019-12086 A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9...

7.5CVSS2.6AI score0.15179EPSS

Exploits2References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by