Lucene search
K

5 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/10 12:0 a.m.16 views

Amazon Linux 2 : aws-kinesis-agent (ALAS-2025-2788)

The version of aws-kinesis-agent installed on the remote host is prior to 2.0.10-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2788 advisory. In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in...

7.5CVSS6.5AI score0.02656EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2020/05/21 12:0 a.m.4 views

The vulnerability of the Jackson-databind library, related to the restoration of unreliable data in memory, allows an intruder to gain unauthorized access to protected information or cause a service failure.

The vulnerability of the Jackson-databind library relates to the restoration of unreliable data in memory. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information or cause service failures...

10CVSS7.4AI score0.0864EPSS
Exploits0References32Affected Software7
OSV
OSV
added 2020/05/15 6:58 p.m.2 views

GHSA-V3XW-C963-F5HC jackson-databind mishandles the interaction between serialization gadgets and typing

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq. aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms...

8.8CVSS7.1AI score0.03489EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2020/03/18 5:36 p.m.11 views

jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the log4j-extra gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...

9.8CVSS7.4AI score0.05329EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/10/31 5:26 p.m.7 views

jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution

A flaw was discovered in FasterXML jackson-databind in versions prior to 2.9.9. The vulnerability would permit polymorphic deserialization of malicious objects using the logback-core gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when...

5.9CVSS7.8AI score0.45205EPSS
Exploits2References4
Rows per page
Query Builder