
415 matches found

vulnersOsv
added 2019/11/19 12:2 p.m. | 2 views

com.bertramlabs.plugins:ratpack-asset-pipeline (>=2.2.7 <=4.3.0), com.bytekast.serverless-local-apigateway:com.bytekast.serverless-local-apigateway.gradle.plugin (>=0.4 <=0.5) +88 more potentially affected by CVE-2019-10770 via io.ratpack:ratpack-core (>=0.9.10 <=1.7.5)

io.ratpack:ratpack-core MAVEN version =0.9.10, =2.2.7, =0.4, =0.0.1, =0.0.1, =0.0.2, =1.0.0, =1.2, =1.2, =1.3, =1.1, =1.1, =1.5, =1.1, =1.8 and more Source cves: CVE-2019-10770 Source advisory: SNYK:JAVA-IORATPACK-534882...

6.1 CVSS | 6.3 AI score | 0.00857 EPSS
Exploits: 1
Tenable Nessus
added 2019/10/07 12:0 a.m. | 70 views

Debian DSA-4542-1 : jackson-databind - security update

It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, did not properly validate user input before attempting deserialization. This allowed an attacker providing maliciously crafted input to perform code execution, or read arbitrary files on the server....

9.8 CVSS | 7.4 AI score | 0.45205 EPSS
Exploits: 3 | References: 14
Debian
added 2019/10/06 8:28 a.m. | 55 views

[SECURITY] [DSA 4542-1] jackson-databind security update

Debian Security Advisory DSA-4542-1 [email protected] https://www.debian.org/security/ Sebastien Delafond October 06, 2019 https://www.debian.org/security/faq -...

7.5 CVSS | 3.4 AI score | 0.45205 EPSS
Exploits: 3
Debian
added 2019/10/06 8:28 a.m. | 102 views

[SECURITY] [DSA 4542-1] jackson-databind security update

Debian Security Advisory DSA-4542-1 [email protected] https://www.debian.org/security/ Sebastien Delafond October 06, 2019 https://www.debian.org/security/faq -...

9.8 CVSS | 8.9 AI score | 0.45205 EPSS
Exploits: 3
OSV
added 2019/08/27 5:41 p.m. | 0 views

GHSA-4Q98-WR72-H35W Improper input validation in Apache Santuario XML Security for Java

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...

5.5 CVSS | 5.9 AI score | 0.00776 EPSS
Exploits: 0 | References: 15
BDU FSTEC
added 2019/08/20 12:0 a.m. | 3 views

The vulnerability of the XStream Java library for converting objects to XML or JSON format allows attackers to execute arbitrary commands due to the recovery of unreliable data from memory.

The vulnerability of the XStream library for converting objects to XML or JSON format is related to the restoration of unreliable data in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by interfering with the processing of XML objects or other support...

10 CVSS | 8.1 AI score | 0.94774 EPSS
Exploits: 4 | References: 8 | Affected Software: 29
CNVD
added 2019/07/24 12:0 a.m. | 2 views

xstream code injection vulnerability

xstream is an open source Java class library; it can serialize objects into XML or deserialize XML into objects. A code injection vulnerability exists in xstream. The vulnerability stems from a network system or product that does not properly filter special elements of externally entered data...

9.8 CVSS | 7.7 AI score | 0.94774 EPSS
Exploits: 4 | References: 1
Debian
added 2019/05/24 9:4 p.m. | 285 views

[SECURITY] [DSA 4452-1] jackson-databind security update

Debian Security Advisory DSA-4452-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 24, 2019 https://www.debian.org/security/faq -...

10 CVSS | 10 AI score | 0.21949 EPSS
Exploits: 2
vulnersOsv
added 2019/02/22 12:35 p.m. | 5 views

com.crawljax.plugins:testcasegenerator (=4.1), com.crawljax:crawljax-examples (=4.1) +25 more potentially affected by unknown CVE via org.testng:testng (>=7.0.0-beta1 <=7.0.0-beta3)

org.testng:testng MAVEN version =7.0.0-beta1, =1.0, =1.0.0, =1.0, =1.0, =5.15, =0.1.20, =0.1.20, =0.1.20, =0.1.20, =0.1.20, =0.1.20, =0.1.20, =0.1.20, =1.0.0 and more Source cves: unknown CVE Source advisory: SNYK:JAVA-ORGTESTNG-174823...

5.8 AI score
Exploits: 0
vulnersOsv
added 2019/01/04 7:7 p.m. | 3 views

ai.agnos:reactive-sparql_2.12 (>=0.3.0 <=0.3.1), ai.databand:dbnd-agent (>=0.42.1 <=0.80.6) +5726 more potentially affected by CVE-2018-19362 via com.fasterxml.jackson.core:jackson-databind (>=2.7.0 <=2.7.9.4)

com.fasterxml.jackson.core:jackson-databind MAVEN version =2.7.0, =0.3.0, =0.42.1, =0.42.1, =0.40.2, =0.42.1, =0.2, =0.8.0, =3.3.3, =0.0.1, =0.0.2, =0.0.3 - at.ac.ait.lablink.clients:sync =0.0.1 - at.ac.ait.lablink:core =0.0.1 and more Source cves: CVE-2018-19362 Source advisory:...

9.8 CVSS | 7.7 AI score | 0.10599 EPSS
Exploits: 0
vulnersOsv
added 2018/10/18 5:43 p.m. | 5 views

ae.vigilancer.android-run-app:ae.vigilancer.android-run-app.gradle.plugin (>=1.0.1 <=1.0.2), aero.m-click:mcpdf (>=0.2.3 <=0.2.4) +6769 more potentially affected by CVE-2016-1000344 via org.bouncycastle:bcprov-jdk15on (>=1.46 <=1.55)

org.bouncycastle:bcprov-jdk15on MAVEN version =1.46, =1.0.1, =0.2.3, =0.42.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.3 and more Source cves: CVE-2016-1000344 Source advisory: OSV:GHSA-2J2X-HX4G-2GF4...

7.4 CVSS | 7.2 AI score | 0.0219 EPSS
Exploits: 0
Github Security Blog
added 2018/10/17 4:27 p.m. | 51 views

Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15

The Bouncy Castle Java library before 1.51 does not validate a point is within the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack."...

5 CVSS | 8.1 AI score | 0.0482 EPSS
Exploits: 0 | References: 23 | Affected Software: 3
Tenable Nessus
added 2018/05/25 12:0 a.m. | 27 views

RHEL 7 : Virtualization (RHSA-2018:1713)

An update for unboundid-ldapsdk is now available for Red Hat Virtualization Engine 4.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

9.8 CVSS | 7.8 AI score | 0.04913 EPSS
Exploits: 0 | References: 3
RedHat Linux
added 2018/05/24 7:35 a.m. | 75 views

Moderate: Red Hat Security Advisory: unboundid-ldapsdk security update

An update for unboundid-ldapsdk is now available for Red Hat Virtualization Engine 4.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

9.8 CVSS | 7.2 AI score | 0.04913 EPSS
Exploits: 0 | References: 2
Mageia
added 2018/05/16 8:24 a.m. | 32 views

Updated libpam4j package fixes security vulnerability

It was discovered that libpam4j, a Java library wrapper for the integration of PAM, did not call pam_acct_mgmt during authentication. As such, a user who has a valid password but a deactivated or disabled account could still log in (CVE-2017-12197)...

6.5 CVSS | 2.8 AI score | 0.0154 EPSS
Exploits: 0 | References: 2
Debian
added 2018/05/03 1:56 p.m. | 47 views

[SECURITY] [DSA 4190-1] jackson-databind security update

Debian Security Advisory DSA-4190-1 [email protected] https://www.debian.org/security/ Sebastien Delafond May 03, 2018 https://www.debian.org/security/faq -...

7.5 CVSS | 2.5 AI score | 0.37925 EPSS
Exploits: 7
vulnersOsv
added 2018/04/17 9:0 p.m. | 1 views

ai.grakn:grakn-test (>=0.13.0 <=0.15.0), ai.grakn:test-integration (>=0.16.0 <=v1.1.0-226-g847ecff2d8e26f249422247d7665fe15f07b1744) +803 more potentially affected by CVE-2018-1002202 via net.lingala.zip4j:zip4j (>=1.2.3 <=1.3.2)

net.lingala.zip4j:zip4j MAVEN version =1.2.3, =0.13.0, =0.16.0, =1.5.0, =1.0.0, =1.0.1, =1.0.4, =2.5.7, =1.1.13, =1.0.7, =1.1.4, =2.1.0, =1.0.0, =3.0.2, =1.0.3, =3.3.0, =3.3.9 and more Source cves: CVE-2018-1002202 Source advisory: SNYK:JAVA-NETLINGALAZIP4J-31679...

6.5 CVSS | 6.7 AI score | 0.13088 EPSS
Exploits: 1
Fedora
added 2018/03/29 4:21 p.m. | 42 views

[SECURITY] Fedora 27 Update: unboundid-ldapsdk-4.0.5-1.fc27

The UnboundID LDAP SDK for Java is a fast, powerful, user-friendly, and completely free Java library for communicating with LDAP directory servers and performing related tasks like reading and writing LDIF, encoding and decoding data using base64 and ASN.1 BER, and performing secure communicatio...

9.8 CVSS | 3.6 AI score | 0.04913 EPSS
Exploits: 0
Fedora
added 2018/03/29 3:53 p.m. | 44 views

[SECURITY] Fedora 26 Update: unboundid-ldapsdk-4.0.5-1.fc26

The UnboundID LDAP SDK for Java is a fast, powerful, user-friendly, and completely free Java library for communicating with LDAP directory servers and performing related tasks like reading and writing LDIF, encoding and decoding data using base64 and ASN.1 BER, and performing secure communicatio...

9.8 CVSS | 3.6 AI score | 0.04913 EPSS
Exploits: 0
Debian
added 2018/02/15 7:4 a.m. | 39 views

[SECURITY] [DSA 4114-1] jackson-databind security update

Debian Security Advisory DSA-4114-1 [email protected] https://www.debian.org/security/ Sebastien Delafond February 15, 2018 https://www.debian.org/security/faq -...

9.8 CVSS | 9.5 AI score | 0.49727 EPSS
Exploits: 1