Astra Linux - vulnerability in libjackson-json-java
A flaw was discovered in the org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities, similar to CVE-2016-3720, also affect the codehaus jackson-mapper-asl libraries, but in different classes...
Security Bulletin: IBM Operations Analytics - Log Analysis is affected by Information Disclosure, Buffer Overflow and Denial of Service (DoS) due to Java JSON library ('Jackson')
Summary: Jackson is used in Apache Solr, Apache ZooKeeper, and Logstash by IBM Operations Analytics - Log Analysis as part of parsing, generating, or serialising JSON data as part of their request handling, configuration processing, or structured logging workflows. CVE-2025-49128, CVE-2025-52999,...
EUVD-2022-5362
Malicious code in bioql PyPI...
OSV-2025-765 Security exception in com.spotify.docker.client.shaded.com.fasterxml.jackson.databind.util.TokenBuffer
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=446027675 Crash type: Security exception Crash state: com.spotify.docker.client.shaded.com.fasterxml.jackson.databind.util.TokenBuffer java.base/java.lang.StringUTF16.newBytesFor java.base/java.lang.StringUTF16.toBytes...
marshalsec
It is an offensive tool for Java deserialization vulnerabilities. The repository contains a Java tool called "marshalsec" that exploits Java object deserialization vulnerabilities, allowing for remote code execution. The tool includes payload generators for various Java serialization libraries,...
Linux Distros Unpatched Vulnerability : CVE-2022-42004
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer.deserializeFromArray to prevent use ...
Security Bulletin: Vulnerabilities in jackson-databind affect IBM watsonx.data
Summary: FasterXML jackson-databind has multiple vulnerabilities including the possibility of remote attackers executing arbitrary code on the system. These can affect IBM watsonx.data. Vulnerability Details: CVEID: CVE-2017-15095 DESCRIPTION: Jackson Library could allow a remote attacker to execute...
SUSE CVE-2018-1000873
FasterXML Jackson before version 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in a denial of service (DoS). This attack appears to be exploitable when the victim deserializes malicious input, specifically very large values in the...
Security Bulletin: IBM MQ is vulnerable to an issue within Jackson
Summary: An issue was identified with the Jackson library that is used within the IBM MQ Console to provide REST API functionality. The Jackson library is only used in IBM MQ Versions 9.2.4 and above. Vulnerability Details: IBM X-Force ID: 217968 DESCRIPTION: FasterXML jackson-databind is vulnerabl...
Security Bulletin: IBM Security Guardium Insights is affected by Components with known vulnerabilities
Summary: IBM Security Guardium Insights has addressed the following vulnerabilities. Vulnerability Details: CVEID: CVE-2017-15095 DESCRIPTION: Jackson Library could allow a remote attacker to execute arbitrary code on the system, caused by a deserialization flaw in the readValue method of the...
FasterXML jackson-databind code issue vulnerability
FasterXML jackson-databind is a generic data binding package for Jackson 2.x. A security vulnerability exists in FasterXML jackson-databind. No details of the vulnerability are provided at this time...
marshalsec
This is a Java-based tool called "marshalsec" that exploits Java object deserialization vulnerabilities in various marshalling libraries. The tool is designed to test and demonstrate the exploitation of these vulnerabilities, which can lead to remote code execution (RCE) and other security issues...
Security Bulletin: Multiple vulnerabilities affect IBM PureApplication System
Summary: There are multiple vulnerabilities that affect IBM PureApplication System. IBM PureApplication System has addressed vulnerabilities. Vulnerability Details: CVEID: CVE-2016-5699 DESCRIPTION: urllib2 and urllib for Python are vulnerable to HTTP header injection, caused by improper validation...
Remote code execution
A remote code execution vulnerability exists in MapR CLDB code, specifically in the JSON framework that is used in the CLDB code that handles login and ticket issuance. An attacker can use the 'class' property of the JSON request sent to the CLDB to influence the JSON library's decision on which...
CVE-2019-12017
A remote code execution vulnerability exists in MapR CLDB code, specifically in the JSON framework that is used in the CLDB code that handles login and ticket issuance. An attacker can use the 'class' property of the JSON request sent to the CLDB to influence the JSON library's decision on which...
CVE-2019-12017
CVE-2019-12017 describes a remote code execution in MapR CLDB. An attacker could exploit the CLDB’s JSON handling by manipulating the JSON request’s class property, causing the deserializer to load a malicious Java class via a remote URLClassLoader and instantiate it in CLDB. This leads to arbitr...
FasterXML Jackson Input Validation Error Vulnerability
FasterXML Jackson is a Java data processing tool from the U.S. company FasterXML. An input validation error vulnerability exists in FasterXML Jackson. An attacker could exploit this vulnerability to cause a denial of service...
ca.islandora.alpaca:islandora-indexing-triplestore (>=0.2.0 <=0.7.1), cool.pandora:acrepo-exts-image (=0.0.3) +279 more potentially affected by CVE-2016-8749 via org.apache.camel:camel-jackson (>=2.18.0 <=2.18.1)
org.apache.camel:camel-jackson MAVEN version =2.18.0, =0.2.0, =1.0.8, =1.0.8, =1.0.10, =1.1.0, =1.0.8, =1.0.8, =1.1.0, =1.0.8, =1.0.8, =1.0.8, =0.0.7, =0.0.7, =0.0.10 and more Source cves: CVE-2016-8749 Source advisory: OSV:GHSA-VVJC-Q5VR-52Q6...
Apache Struts2 Jackson Library Remote Code Execution (CVE-2017-15095; CVE-2017-17485; CVE-2017-7525; CVE-2018-7489)
Vulnerability exists in Jackson data-bind library. This vulnerability is due to deserialization of untrusted data. A successful exploitation of this issue could allow an attacker to execute arbitrary code on the remote system...
Jackson enableDefaultTyping method of deserialization code execution vulnerability(CVE-2017-7525)
Earlier this year, a vulnerability was discovered in the Jackson data-binding library, a library for Java that allows developers to easily serialize Java objects to JSON and vice versa, that allowed an attacker to exploit deserialization to achieve Remote Code Execution on the server. This...