Lucene search
K

18 matches found

AstraLinux
AstraLinux
added 2025/02/06 4:28 p.m.2 views

Astra Linux - уязвимость в jackson-databind

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl...

8.1CVSS7AI score0.12504EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 3:58 a.m.5 views

SUSE CVE-2020-14060

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool aka apache/drill...

8.1CVSS8.7AI score0.08607EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:51 a.m.4 views

SUSE CVE-2020-35728

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl...

7.3CVSS7AI score0.12504EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:50 a.m.3 views

SUSE CVE-2020-36183

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool...

8.1CVSS8AI score0.0489EPSS
Exploits1References3
OSV
OSV
added 2021/12/09 7:15 p.m.4 views

GHSA-5R5R-6HPJ-8GG9 Serialization gadget exploit in jackson-databind

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl...

8.1CVSS7.1AI score0.12504EPSS
Exploits0References13
BDU FSTEC
BDU FSTEC
added 2021/06/04 12:0 a.m.8 views

The vulnerability of the org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool component in the Jackson-databind library of the FasterXML project allows a attacker to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool component in the Jackson-databind library of the FasterXML project is related to the restoration of unreliable data in memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality,...

9.3CVSS7.1AI score0.0489EPSS
Exploits1References9Affected Software6
OSV
OSV
added 2021/01/07 12:15 a.m.1 views

DEBIAN-CVE-2020-36183

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool...

8.1CVSS7.5AI score0.0489EPSS
Exploits1References1
OSV
OSV
added 2020/12/27 5:15 a.m.2 views

DEBIAN-CVE-2020-35728

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl...

8.1CVSS8.1AI score0.12504EPSS
Exploits0References1
OSV
OSV
added 2020/12/27 5:15 a.m.3 views

UBUNTU-CVE-2020-35728

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl...

8.1CVSS7.2AI score0.12504EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2020/12/27 4:32 a.m.4 views

CVE-2020-35728

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl...

7.1AI score0.12504EPSS
Exploits0References10
CNNVD
CNNVD
added 2020/12/27 12:0 a.m.6 views

FasterXML jackson-databind Code Issue Vulnerability

FasterXML jackson-databind is a JAVA based library that can convert data formats such as XML and JSON to JAVA objects. jackson-databind can easily convert Java objects to json objects and xml documents, and likewise convert json, xml to Java objects. A code issue vulnerability exists in FasterXML...

8.1CVSS7.2AI score0.12504EPSS
Exploits0References25
Positive Technologies
Positive Technologies
added 2020/12/27 12:0 a.m.13 views

PT-2020-5529

Name of the Vulnerable Software and Affected Versions FasterXML jackson-databind versions 2.x before 2.9.10.8 Description The issue is related to the mishandling of the interaction between serialization gadgets and typing in the Jackson-databind library, specifically with...

9.3CVSS6.8AI score0.12504EPSS
Exploits0References63
RedHat Linux
RedHat Linux
added 2020/10/27 12:58 p.m.3 views

jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.1CVSS7.1AI score0.08072EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/07/29 6:21 a.m.4 views

jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.1CVSS7.1AI score0.08072EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/07/29 6:6 a.m.3 views

jackson-databind: serialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.1CVSS7.1AI score0.08607EPSS
Exploits0References4
OSV
OSV
added 2020/06/14 9:15 p.m.2 views

DEBIAN-CVE-2020-14060

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool aka apache/drill...

8.1CVSS7.1AI score0.08607EPSS
Exploits0References1
OSV
OSV
added 2020/06/14 9:15 p.m.8 views

UBUNTU-CVE-2020-14060

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool aka apache/drill...

8.1CVSS6.8AI score0.08607EPSS
Exploits0References5
OSV
OSV
added 2020/06/14 8:15 p.m.0 views

DEBIAN-CVE-2020-14062

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool aka xalan2...

8.1CVSS7.1AI score0.08072EPSS
Exploits0References1
Rows per page
Query Builder