25 matches found

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2011-4529

Malware in sbrugna...

CVSS 7.5 | AI score 6 | EPSS 0.03521
Exploits 1 | References 30

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2019-0750

Malware in sbrugna...

CVSS 9.8 | AI score 8.6 | EPSS 0.05329
Exploits 0 | References 40

F5 Networks
added 2023/02/21 6:47 p.m., 42 views

K32562850: jackson-databind vulnerabilities CVE-2019-16943 and CVE-2019-17531

Security Advisory Description CVE-2019-16943 A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the p6spy 3.8.6 jar in t...

CVSS 9.8 | AI score 8 | EPSS 0.05329
Exploits 0

SUSE CVE
added 2023/02/15 4:7 a.m., 5 views

SUSE CVE-2019-17531

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the apache-log4j-extra version 1.2.x jar in the classpath, and an...

CVSS 9.8 | AI score 9.3 | EPSS 0.05329
Exploits 0 | References 2

RedhatCVE
added 2020/04/09 10:9 a.m., 62 views

CVE-2019-17531

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the apache-log4j-extra version 1.2.x jar in the classpath, and an...

CVSS 9.8 | AI score 2.5 | EPSS 0.05329
Exploits 0 | References 3

IBM Security Bulletins
added 2020/02/22 12:15 a.m., 40 views

Security Bulletin: Multiple vulnerabilities in FasterXML Jackson-databind affect IBM Spectrum Protect Plus (CVE-2019-16943, CVE-2019-16942, CVE-2019-17531, CVE-2019-17267, CVE-2019-14540, CVE-2019-16335, CVE-2019-14379, CVE-2019-14439)

Summary There are multiple security vulnerabilities in FasterXML Jackson-databind that affect IBM Spectrum Protect Plus. Vulnerability Details CVEID: CVE-2019-16943 DESCRIPTION: A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is...

CVSS 9.8 | AI score 0.3 | EPSS 0.10763
Exploits 1 | Affected Software 1

OSV
added 2019/11/13 12:32 a.m., 2 views

GHSA-GJMW-VF9H-G25V jackson-databind polymorphic typing issue

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the apache-log4j-extra version 1.2.x jar in...

CVSS 9.8 | AI score 7.2 | EPSS 0.05329
Exploits 0 | References 22

Github Security Blog
added 2019/11/13 12:32 a.m., 73 views

jackson-databind polymorphic typing issue

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the apache-log4j-extra version 1.2.x jar in...

CVSS 9.8 | AI score 9 | EPSS 0.05329
Exploits 0 | References 22 | Affected Software 1

Veracode
added 2019/10/14 5:13 a.m., 30 views

Remote Code Execution (RCE)

FasterXML jackson-databind is vulnerable to remote code execution (RCE). A polymorphic typing issue allows a remote attacker to execute arbitrary code through the JNDI service due to unsafe deserialization of objects related to the apache-log4j-extra classpath...

CVSS 9.8 | AI score 5.7 | EPSS 0.05329
Exploits 0 | References 24 | Affected Software 4

NVD
added 2019/10/12 9:15 p.m., 21 views

CVE-2019-17531

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the apache-log4j-extra version 1.2.x jar in the classpath, and an...

CVSS 9.8 | AI score 9.4 | EPSS 0.05329
Exploits 0 | References 19

OSV
added 2019/10/12 9:15 p.m., 29 views

CVE-2019-17531

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the apache-log4j-extra version 1.2.x jar in the classpath, and an...

CVSS 9.8 | AI score 9.4
Exploits 0 | References 19

UbuntuCve
added 2019/10/12 9:15 p.m., 30 views

CVE-2019-17531

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the apache-log4j-extra version 1.2.x jar in the classpath, and an...

CVSS 9.8 | AI score 7.2 | EPSS 0.05329
Exploits 0 | References 5

Prion
added 2019/10/12 9:15 p.m., 24 views

Design/Logic Flaw

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the apache-log4j-extra version 1.2.x jar in the classpath, and an...

CVSS 6.8 | AI score 9.2 | EPSS 0.05329
Exploits 0 | References 19 | Affected Software 20

Cvelist
added 2019/10/12 8:7 p.m., 27 views

CVE-2019-17531

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the apache-log4j-extra version 1.2.x jar in the classpath, and an...

AI score 9.4 | EPSS 0.05329
Exploits 0 | References 19

Debian CVE
added 2019/10/12 8:7 p.m., 39 views

CVE-2019-17531

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the apache-log4j-extra version 1.2.x jar in the classpath, and an...

CVSS 9.8 | AI score 8.9 | EPSS 0.05329
Exploits 0

CVE
added 2019/10/12 8:7 p.m., 405 views

CVE-2019-17531

CVE-2019-17531 affects FasterXML jackson-databind 2.0.0–2.9.10; when Default Typing is enabled for an externally exposed JSON endpoint and apache-log4j-extra 1.2.x is on the classpath, an attacker capable of providing a JNDI service can trigger remote code execution. Connected documents corrobora...

CVSS 9.8 | AI score 9.2 | EPSS 0.05329
Exploits 0 | References 19 | Affected Software 1

Veracode
added 2019/05/02 4:42 a.m., 34 views

Authorization Bypass

JBoss Application Server is the base package for JBoss Enterprise Application Platform, providing the core server components. The Java Naming and Directory Interface (JNDI) Java API allows Java software clients to locate objects or services in an application server. The Java Authorization Contract...

CVSS 7.5 | AI score 5.7 | EPSS 0.03521
Exploits 2 | References 16 | Affected Software 3

Veracode
added 2019/01/15 8:53 a.m., 22 views

Unauthorized Modification

jbossas is vulnerable to unauthorized modification attacks. The vulnerability exists in the (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal...

CVSS 7.5 | AI score 6.1 | EPSS 0.03521
Exploits 1 | References 33 | Affected Software 2

UbuntuCve
added 2012/11/23 8:55 p.m., 30 views

CVE-2011-4605

The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly...

CVSS 7.5 | AI score 5.9 | EPSS 0.03521
Exploits 1 | References 2

Prion
added 2012/11/23 8:55 p.m., 31 views

Input validation

The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly...

CVSS 7.5 | AI score 7.1 | EPSS 0.03521
Exploits 1 | References 18 | Affected Software 5