Lucene search
+L

3733 matches found

debian
debian
added 2017/11/16 12:40 p.m.52 views

[SECURITY] [DSA 4037-1] jackson-databind security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4037-1 [email protected] https://www.debian.org/security/ Sebastien Delafond November 16, 2017 https://www.debian.org/security/faq -...

7.5CVSS2.7AI score0.37925EPSS
Exploits7
debian
debian
added 2017/11/16 12:40 p.m.59 views

[SECURITY] [DSA 4037-1] jackson-databind security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4037-1 [email protected] https://www.debian.org/security/ Sebastien Delafond November 16, 2017 https://www.debian.org/security/faq -...

9.8CVSS9.2AI score0.37925EPSS
Exploits7
mageia
mageia
added 2017/11/16 7:39 a.m.71 views

Updated jackson-databind packages fix security vulnerability

An unsafe deserialization vulnerability was found due to incomplete blacklisting of the unsafe elements, due to an incomplete fix for CVE-2017-7525 CVE-2017-15095...

9.8CVSS3.7AI score0.08411EPSS
Exploits2References3
ptsecurity
ptsecurity
added 2017/11/16 12:0 a.m.15 views

PT-2018-5762 · Netapp +7 · Netapp Oncommand Shift +26

Name of the Vulnerable Software and Affected Versions: jackson-databind versions prior to 2.8.11 and 2.9.4 debian linux affected versions not specified fasterxml jackson-databind affected versions not specified netapp oncommand balance affected versions not specified netapp oncommand performance...

9.8CVSS7.9AI score0.49727EPSS
Exploits7References92
osv
osv
added 2017/11/16 12:0 a.m.45 views

DSA-4037-1 jackson-databind - security update

Bulletin has no description...

9.8CVSS9.6AI score0.08411EPSS
Exploits2
nessus
nessus
added 2017/11/16 12:0 a.m.37 views

Fedora 26 : jackson-databind (2017-e16ed3f7a1)

Security fix for CVE-2017-15095 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 7030...

9.8CVSS7.3AI score0.08411EPSS
Exploits2References2
fedora
fedora
added 2017/11/15 8:23 p.m.77 views

[SECURITY] Fedora 26 Update: jackson-databind-2.7.6-5.fc26

General data-binding functionality for Jackson: works on core streaming API...

9.8CVSS2.2AI score0.37925EPSS
Exploits7
fedora
fedora
added 2017/11/15 5:58 p.m.47 views

[SECURITY] Fedora 27 Update: jackson-databind-2.7.6-5.fc27

General data-binding functionality for Jackson: works on core streaming API...

9.8CVSS2.2AI score0.37925EPSS
Exploits7
openvas
openvas
added 2017/11/15 12:0 a.m.38 views

Debian: Security Advisory (DSA-4037-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1AI score
Exploits0References3
nessus
nessus
added 2017/11/14 12:0 a.m.47 views

RHEL 7 : rh-eclipse47-jackson-databind (RHSA-2017:3189)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:3189 advisory. The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Security Fixe...

9.8CVSS8.1AI score0.37925EPSS
Exploits7References4
redhat
redhat
added 2017/11/13 4:36 a.m.3 views

jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)

A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes...

9.8CVSS7.6AI score0.37925EPSS
Exploits7References5
redhat
redhat
added 2017/11/13 4:36 a.m.112 views

Important: Red Hat Security Advisory: rh-eclipse46-jackson-databind security update

An update for rh-eclipse46-jackson-databind is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

9.8CVSS7.2AI score0.37925EPSS
Exploits7References2
redhat
redhat
added 2017/11/13 4:24 a.m.60 views

Important: Red Hat Security Advisory: rh-eclipse47-jackson-databind security update

An update for rh-eclipse47-jackson-databind is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS7.2AI score0.37925EPSS
Exploits7References2
redhat
redhat
added 2017/11/13 4:24 a.m.3 views

jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)

A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes...

9.8CVSS7.6AI score0.37925EPSS
Exploits7References5
redhat
redhat
added 2017/11/07 5:23 p.m.3 views

jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper

A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper...

9.8CVSS7.6AI score0.37925EPSS
Exploits7References4
cnvd
cnvd
added 2017/11/03 12:0 a.m.4 views

FasterXML Jackson-databind Deserialization Vulnerability

FasterXML Jackson is a U.S. FasterXML company for Java data processing tools . Jackson-databind is one of the components with data binding capabilities . A remote code execution vulnerability exists in FasterXML Jackson-databind. An attacker could exploit this vulnerability to execute arbitrary...

9.8CVSS8.4AI score0.08411EPSS
Exploits2References1
veracode
veracode
added 2017/11/02 8:36 a.m.47 views

Remote Code Execution (RCE) Through Deserialization

Jackson-databind is vulnerable to remote code execution RCE attacks. This is a follow-up similar attack of CVE-2017-7525. The attack is still possible because more dangerous classes were added in the later released versions and were not blacklisted...

9.8CVSS9.4AI score0.37925EPSS
Exploits7References35Affected Software3
ptsecurity
ptsecurity
added 2017/11/01 12:0 a.m.11 views

PT-2019-4596

Name of the Vulnerable Software and Affected Versions jackson-databind versions 2.0.0 through 2.9.10 jackson-databind versions prior to 2.9.10.1 jackson-databind versions prior to 2.8.11.5 jackson-databind versions prior to 2.6.7.3 Description A Polymorphic Typing issue in the jackson-databind...

10CVSS6.9AI score0.05373EPSS
Exploits0References137
ptsecurity
ptsecurity
added 2017/11/01 12:0 a.m.16 views

PT-2020-5463

Name of the Vulnerable Software and Affected Versions FasterXML jackson-databind versions 2.0.0 through 2.9.10.3 FasterXML jackson-databind versions 2.6.0 through 2.6.7.3 Description The issue is related to the interaction between serialization gadgets and typing, specifically with...

9.3CVSS6.9AI score0.08028EPSS
Exploits0References123
ptsecurity
ptsecurity
added 2017/11/01 12:0 a.m.14 views

PT-2020-6701

Name of the Vulnerable Software and Affected Versions FasterXML Jackson Databind affected versions not specified Description A flaw in FasterXML Jackson Databind allows vulnerability to XML external entity XXE attacks due to improper entity expansion security. The highest threat from this issue i...

7.8CVSS6.8AI score0.17611EPSS
Exploits0References221
Rows per page
Query Builder