Lucene search
K

10 matches found

SUSE CVE
SUSE CVE
added 2026/06/25 2:19 a.m.9 views

SUSE CVE-2026-54514

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.0.0 until 2.18.8, 2.21.4, and 3.1.4, JDKFromStringDeserializer constructed InetSocketAddress with new InetSocketAddresshost, port, which performs eager DNS name resolution fo...

5.3CVSS5.9AI score0.00219EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/23 9:22 p.m.14 views

Server-side Request Forgery (SSRF)

Overview com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the JDKFromStringDeserializer class,...

6.9CVSS5.8AI score0.00219EPSS
Exploits0References2
OSV
OSV
added 2026/06/23 9:17 p.m.4 views

UBUNTU-CVE-2026-54514

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.0.0 until 2.18.8, 2.21.4, and 3.1.4, JDKFromStringDeserializer constructed InetSocketAddress with new InetSocketAddresshost, port, which performs eager DNS name resolution fo...

5.3CVSS5.9AI score0.00219EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2026/06/23 8:51 p.m.8 views

CVE-2026-54514

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.0.0 until 2.18.8, 2.21.4, and 3.1.4, JDKFromStringDeserializer constructed InetSocketAddress with new InetSocketAddresshost, port, which performs eager DNS name resolution fo...

5.3CVSS5.9AI score0.00219EPSS
Exploits0
CVE
CVE
added 2026/06/23 8:51 p.m.95 views

CVE-2026-54514

CVE-2026-54514 affects jackson-databind’s InetSocketAddress handling during deserialization. From 2.0.0 up to fixes in 2.18.8, 2.21.4, and 3.1.4, JDKFromStringDeserializer constructed InetSocketAddress(host, port), causing eager DNS resolution at readValue time and enabling an attacker to trigger...

5.3CVSS5.9AI score0.00219EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/06/23 8:51 p.m.9 views

EUVD-2026-38592

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.0.0 until 2.18.8, 2.21.4, and 3.1.4, JDKFromStringDeserializer constructed InetSocketAddress with new InetSocketAddresshost, port, which performs eager DNS name resolution fo...

5.3CVSS5.9AI score0.00219EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.13 views

PT-2026-51597

Name of the Vulnerable Software and Affected Versions jackson-databind versions 2.0.0 through 2.18.7 jackson-databind versions 2.19.0 through 2.21.3 jackson-databind versions 3.0.0 through 3.1.3 Description The JDKFromStringDeserializer function constructs InetSocketAddress using new...

5.3CVSS5.8AI score0.00219EPSS
Exploits0References27
RedHat Linux
RedHat Linux
added 2013/10/23 4:26 p.m.6 views

OpenJDK: InetSocketAddress serialization issue (Networking, 7201071)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Networking. NOTE: the previous information...

5CVSS7.4AI score0.04875EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2013/03/11 6:47 p.m.6 views

OpenJDK: InetSocketAddress serialization issue (Networking, 7201071)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Networking. NOTE: the previous information...

5CVSS7.4AI score0.04875EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2013/02/04 11:51 p.m.13 views

OpenJDK: InetSocketAddress serialization issue (Networking, 7201071)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Networking. NOTE: the previous information...

5CVSS7.4AI score0.04875EPSS
Exploits0References5
Rows per page
Query Builder