Lucene search
+L

3738 matches found

Positive Technologies
Positive Technologies
added 2018/08/17 12:0 a.m.9 views

PT-2018-2765

Name of the Vulnerable Software and Affected Versions FasterXML jackson-databind versions 2.0.0 through 2.9.6 FasterXML jackson-databind versions 2.8.0 through 2.8.11.2 FasterXML jackson-databind versions 2.7.0 through 2.7.9.4 Description The issue is caused by the lack of protection of the...

10CVSS7.1AI score0.09682EPSS
Exploits0References106
Tenable Nessus
Tenable Nessus
added 2018/08/14 12:0 a.m.21 views

FasterXML Jackson Databind Detection for Linux/UNIX

Binary data jacksondatabinddetectnix.nbin...

7.3AI score
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2018/08/03 12:0 a.m.10 views

The vulnerability of the ObjectMapper component in the FasterXML jackson-databind library allows attackers to bypass the “black list” restrictions and execute arbitrary code.

The vulnerability of the ObjectMapper component in the FasterXML jackson-databind library relates to the restoration of unreliable data structures in memory. Exploiting this vulnerability allows a malicious actor to bypass the “black list” restrictions and execute arbitrary code using specially...

9.8CVSS7.6AI score0.20135EPSS
Exploits0References10Affected Software6
IBM Security Bulletins
IBM Security Bulletins
added 2018/07/12 12:16 a.m.67 views

Security Bulletin: Multiple vulnerabilities in Jackson-databind affect IBM InfoSphere Information Server

Summary Multiple vulnerabilities in Jackson-databind were addressed by IBM InfoSphere Information Server. Vulnerability Details CVEID: CVE-2018-5968 DESCRIPTION: FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by deserialization flaws. By...

9.8CVSS2AI score0.49727EPSS
Exploits7Affected Software1
Tenable Nessus
Tenable Nessus
added 2018/06/29 12:0 a.m.44 views

RHEL 6 : Red Hat JBoss Enterprise Application Platform (RHSA-2018:2090)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2090 advisory. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red...

9.8CVSS7.6AI score0.37925EPSS
Exploits7References9
Tenable Nessus
Tenable Nessus
added 2018/06/29 12:0 a.m.60 views

RHEL 7 : Red Hat JBoss Enterprise Application Platform (RHSA-2018:2089)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2089 advisory. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red...

9.8CVSS7.6AI score0.37925EPSS
Exploits7References9
RedHat Linux
RedHat Linux
added 2018/06/28 7:27 a.m.4 views

jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the c3p0 gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or Id.MINIMALCLASS ...

9.8CVSS7.3AI score0.37925EPSS
Exploits7References5
RedHat Linux
RedHat Linux
added 2018/06/27 3:3 p.m.6 views

jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the c3p0 gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or Id.MINIMALCLASS ...

9.8CVSS7.3AI score0.37925EPSS
Exploits7References5
RedHat Linux
RedHat Linux
added 2018/06/27 3:3 p.m.7 views

jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the c3p0 gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or Id.MINIMALCLASS ...

9.8CVSS7.3AI score0.37925EPSS
Exploits7References5
RedHat Linux
RedHat Linux
added 2018/06/27 2:35 p.m.4 views

jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the c3p0 gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or Id.MINIMALCLASS ...

9.8CVSS7.3AI score0.37925EPSS
Exploits7References5
Veracode
Veracode
added 2018/06/19 9:4 a.m.47 views

Remote Code Execution (RCE)

jackson-databind is vulnerable to remote code execution RCE attacks. The vulnerability exists because it does not prevent the deserialization of certain gadget types from the JDBC driver which could be used to perform remote code execution attacks through deserialization...

7.5CVSS8.9AI score0.08944EPSS
Exploits0References43Affected Software43
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 3:51 p.m.47 views

Security Bulletin: Multiple vulnerabilities has been identified in Jackson JSON library shipped with IBM Tivoli Netcool/OMNIbus Integrations Transport Module Common Integration Library (CVE-2017-17485, CVE-2018-5968, CVE-2018-7489)

Summary Jackson JSON library is shipped as a component of IBM Tivoli Netcool/OMNIbus Integrations Transport Module Common Integration Library. Information about security vulnerabilities affecting Jackson JSON library has been published. The Netcool/OMNIbus Transport Module Common Integration...

9.8CVSS1.5AI score0.49727EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 10:5 p.m.46 views

Security Bulletin: IBM Security Guardium is affected by Open Source Apache Struts 2.5 Vulnerability (CVE-2017-7525 )

Summary IBM Security Guardium is affected by Open Source Apache Struts 2.5 Vulnerability. IBM Security Guardium has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2017-7525 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system,...

9.8CVSS0.8AI score0.37925EPSS
Exploits7Affected Software1
RedHat Linux
RedHat Linux
added 2018/06/04 11:15 a.m.4 views

jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the c3p0 gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or Id.MINIMALCLASS ...

9.8CVSS7.3AI score0.37925EPSS
Exploits7References5
RedHat Linux
RedHat Linux
added 2018/06/04 11:15 a.m.149 views

Moderate: Red Hat Security Advisory: Red Hat OpenShift Application Runtimes security and bug fix update

An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

9.8CVSS6.8AI score0.37925EPSS
Exploits7References5
Openbugbounty
Openbugbounty
added 2018/05/22 1:33 a.m.12 views

jacksoncountymunicipalcourt.com XSS vulnerability

Open Bug Bounty ID: OBB-619887 Description| Value ---|--- Affected Website:| jacksoncountymunicipalcourt.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Exploits0
Tenable Nessus
Tenable Nessus
added 2018/05/18 12:0 a.m.55 views

RHEL 7 : rhvm-appliance (RHSA-2018:1525)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2018:1525 advisory. The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is availab...

9.8CVSS8.1AI score0.9797EPSS
Exploits31References20
Tenable Nessus
Tenable Nessus
added 2018/05/18 12:0 a.m.63 views

RHEL 6 : Red Hat JBoss Enterprise Application Platform 6.4.20 (RHSA-2018:1449)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:1449 advisory. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red...

9.8CVSS7.8AI score0.49727EPSS
Exploits7References21
RedHat Linux
RedHat Linux
added 2018/05/15 7:44 p.m.11 views

jackson-databind: unsafe deserialization due to incomplete blacklist (incomplete fix for CVE-2017-7525 and CVE-2017-17485)

A deserialization flaw was discovered in the jackson-databind that could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaws CVE-2017-7525 and CVE-2017-17485 by...

9.8CVSS7.6AI score0.49727EPSS
Exploits1References4
Veracode
Veracode
added 2018/05/15 3:28 a.m.52 views

Remote Code Execution (RCE)

jackson-databind is vulnerable to remote code execution RCE attacks. The vulnerability exists due to the availability of an allowed gadget type that could be used to perform remote code execution attacks through deserialization...

9.8CVSS9.5AI score0.37925EPSS
Exploits7References29Affected Software43
Rows per page
Query Builder