Lucene search
K

17 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2020-0440

Malware in sbrugna...

9.8CVSS7.6AI score0.03958EPSS
Exploits0References25
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.31 views

RHEL 8 : opendaylight (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - jackson-databind: Serialization gadgets in classes of the ehcache package CVE-2019-17267 - A flaw was...

9.8CVSS8.9AI score0.17611EPSS
Exploits1References9
SUSE CVE
SUSE CVE
added 2023/02/15 4:9 a.m.7 views

SUSE CVE-2019-14893

A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when...

9.8CVSS8.8AI score0.03958EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2020/05/15 6:59 p.m.155 views

Polymorphic deserialization of malicious object in jackson-databind

A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when...

9.8CVSS2.6AI score0.03958EPSS
Exploits0References11Affected Software1
RedhatCVE
RedhatCVE
added 2020/04/01 2:56 a.m.47 views

CVE-2019-14893

A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when...

9.8CVSS1.8AI score0.03958EPSS
Exploits0References3
NVD
NVD
added 2020/03/02 9:15 p.m.22 views

CVE-2019-14893

A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when...

9.8CVSS8.8AI score0.03958EPSS
Exploits0References8
OSV
OSV
added 2020/03/02 9:15 p.m.3 views

DEBIAN-CVE-2019-14893

A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when...

9.8CVSS8AI score0.03958EPSS
Exploits0References1
OSV
OSV
added 2020/03/02 9:15 p.m.26 views

CVE-2019-14893

A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when...

9.8CVSS7.2AI score0.03958EPSS
Exploits0References8
Prion
Prion
added 2020/03/02 9:15 p.m.24 views

Deserialization of untrusted data

A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when...

7.5CVSS8.7AI score0.03958EPSS
Exploits0References8Affected Software2
UbuntuCve
UbuntuCve
added 2020/03/02 9:15 p.m.35 views

CVE-2019-14893

A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when...

9.8CVSS7.2AI score0.03958EPSS
Exploits0References3
Cvelist
Cvelist
added 2020/03/02 8:11 p.m.27 views

CVE-2019-14893

A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when...

7.5CVSS9.6AI score0.03958EPSS
Exploits0References8
CVE
CVE
added 2020/03/02 8:11 p.m.386 views

CVE-2019-14893

CVE-2019-14893 affects FasterXML jackson-databind up to versions before 2.9.10 and 2.10.0, enabling unsafe polymorphic deserialization via enableDefaultTyping or JsonTypeInfo Id.CLASS/Id.MINIMAL_CLASS, potentially leading to remote code execution when deserializing from unsafe sources. Root cause...

9.8CVSS9.5AI score0.03958EPSS
Exploits0References8Affected Software1
Debian CVE
Debian CVE
added 2020/03/02 8:11 p.m.40 views

CVE-2019-14893

A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when...

9.8CVSS9.2AI score0.03958EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2020/03/02 12:0 a.m.10 views

PT-2020-4105

Name of the Vulnerable Software and Affected Versions: FasterXML jackson-databind versions prior to 2.9.10 and 2.10.0 Description: A flaw in FasterXML jackson-databind allows polymorphic deserialization of malicious objects using the xalan JNDI gadget when used with polymorphic type handling...

10CVSS7.1AI score0.03958EPSS
Exploits0References24
RedHat Linux
RedHat Linux
added 2020/01/21 3:22 a.m.4 views

jackson-databind: Serialization gadgets in classes of the xalan package

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...

9.8CVSS7.4AI score0.03958EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/01/21 2:23 a.m.5 views

jackson-databind: Serialization gadgets in classes of the xalan package

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...

9.8CVSS7.4AI score0.03958EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/10/14 6:59 p.m.6 views

jackson-databind: default typing mishandling leading to remote code execution

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache and logback JNDI gadgets when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLAS...

9.8CVSS7.4AI score0.08045EPSS
Exploits0References4
Rows per page
Query Builder