Lucene search

1263 matches found

BDU FSTEC
added 2020/05/21 12:0 a.m., 2 views

The vulnerability of the org.codehaus.jackson component in the jackson-mapper-asl library allows an attacker to compromise data integrity.

The vulnerability of the org.codehaus.jackson component in the jackson-mapper-asl library is related to an incorrect limitation on XML references to external objects. Exploiting this vulnerability could allow a malicious actor to compromise data integrity remotely...

CVSS 5.9 | AI score 6.5 | EPSS 0.17044
Exploits 0 | References 6 | Affected Software 6

RedHat Linux
added 2020/05/12 5:16 p.m., 98 views

Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.3.8 security update

A security update is now available for Red Hat Single Sign-On 7.3 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 8.8 | AI score 6.7 | EPSS 0.17044
Exploits 1 | References 13

RedHat Linux
added 2020/05/12 5:16 p.m., 1 view

jackson-mapper-asl: XML external entity similar to CVE-2016-3720

A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries such that an XML external entity (XXE) vulnerability affects codehaus's jackson-mapper-asl libraries. This vulnerability is similar to CVE-2016-3720. The primary threat from this flaw is data integrity...

CVSS 7.5 | AI score 6.8 | EPSS 0.17044
Exploits 0 | References 4

RedHat Linux
added 2020/05/11 8:19 p.m., 0 views

jackson-mapper-asl: XML external entity similar to CVE-2016-3720

A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries such that an XML external entity (XXE) vulnerability affects codehaus's jackson-mapper-asl libraries. This vulnerability is similar to CVE-2016-3720. The primary threat from this flaw is data integrity...

CVSS 7.5 | AI score 6.8 | EPSS 0.17044
Exploits 0 | References 4

RedHat Linux
added 2020/05/11 8:17 p.m., 0 views

jackson-mapper-asl: XML external entity similar to CVE-2016-3720

A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries such that an XML external entity (XXE) vulnerability affects codehaus's jackson-mapper-asl libraries. This vulnerability is similar to CVE-2016-3720. The primary threat from this flaw is data integrity...

CVSS 7.5 | AI score 6.8 | EPSS 0.17044
Exploits 0 | References 4

RedHat Linux
added 2020/05/11 8:15 p.m., 2 views

jackson-mapper-asl: XML external entity similar to CVE-2016-3720

A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries such that an XML external entity (XXE) vulnerability affects codehaus's jackson-mapper-asl libraries. This vulnerability is similar to CVE-2016-3720. The primary threat from this flaw is data integrity...

CVSS 7.5 | AI score 6.8 | EPSS 0.17044
Exploits 0 | References 4

RedHat Linux
added 2020/05/11 8:12 p.m., 3 views

jackson-mapper-asl: XML external entity similar to CVE-2016-3720

A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries such that an XML external entity (XXE) vulnerability affects codehaus's jackson-mapper-asl libraries. This vulnerability is similar to CVE-2016-3720. The primary threat from this flaw is data integrity...

CVSS 7.5 | AI score 6.8 | EPSS 0.17044
Exploits 0 | References 4

BDU FSTEC
added 2020/04/16 12:0 a.m., 3 views

The vulnerability of the Ceph storage system, related to an authentication process error, allows a perpetrator to gain unauthorized access to the encryption keys for dm-crypt.

The vulnerability of the Ceph storage system is related to an authentication process error. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to the encryption keys used for dm-crypt...

CVSS 5.7 | AI score 6.3 | EPSS 0.00447
Exploits 0 | References 9 | Affected Software 6

RedHat Linux
added 2020/03/26 3:46 p.m., 2 views

jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution

A flaw was discovered in FasterXML jackson-databind in versions prior to 2.9.9. The vulnerability would permit polymorphic deserialization of malicious objects using the logback-core gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when...

CVSS 5.9 | AI score 7.8 | EPSS 0.45205
Exploits 2 | References 4

RedHat Linux
added 2020/03/05 12:53 p.m., 6 views

jackson-databind: default typing mishandling leading to remote code execution

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache and logback JNDI gadgets when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLAS...

CVSS 9.8 | AI score 7.4 | EPSS 0.08045
Exploits 0 | References 4

vulnersOsv
added 2020/02/04 10:39 p.m., 4 views

ae.teletronics.nlp:entityextraction (=1.3), ae.teletronics.nlp:w2vec (=1.0) +15898 more potentially affected by CVE-2019-10172 via org.codehaus.jackson:jackson-mapper-asl (>=0.9.8 <=1.9.13)

org.codehaus.jackson:jackson-mapper-asl MAVEN version =0.9.8, =0.25-rc1, =0.25-rc1, =0.25, =0.25, =0.25, =0.25, =1.0.1, =1.0.6, =1.0.6, =1.1, =1.1.1, =1.2, =1.2, =1.2.10 and more Source cves: CVE-2019-10172 Source advisory: OSV:GHSA-R6J9-8759-G62W...

CVSS 7.5 | AI score 6.5 | EPSS 0.17044
Exploits 0

Github Security Blog
added 2020/02/04 10:39 p.m., 215 views

Improper Restriction of XML External Entity Reference in jackson-mapper-asl

A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar to CVE-2016-3720 also affect codehaus jackson-mapper-asl libraries but in different classes...

CVSS 7.5 | AI score 2.8 | EPSS 0.17044
Exploits 0 | References 73 | Affected Software 1

OSV
added 2020/02/04 10:39 p.m., 2 views

GHSA-R6J9-8759-G62W Improper Restriction of XML External Entity Reference in jackson-mapper-asl

A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar to CVE-2016-3720 also affect codehaus jackson-mapper-asl libraries but in different classes...

CVSS 7.5 | AI score 6.8 | EPSS 0.17044
Exploits 0 | References 72

RedHat Linux
added 2019/12/10 12:6 p.m., 1 view

kernel: Race condition in drivers/md/dm.c:dm_get_from_kobject() allows local users to cause a denial of service

The Linux kernel, before version 4.14.3, is vulnerable to a denial of service in drivers/md/dm.c:dm_get_from_kobject which can be caused by local users leveraging a race condition with __dm_destroy during creation and removal of DM devices. Only privileged local users with CAP_SYS_ADMIN capability can...

CVSS 4.7 | AI score 6.6 | EPSS 0.0034
Exploits 0 | References 4

Veracode
added 2019/11/19 3:15 a.m., 57 views

XML External Entities (XXE)

jackson-mapper-asl is vulnerable to XML external entity attacks. This vulnerability is similar to CVE-2016-3720 whereby the external DTD is not disabled, allowing an attacker to retrieve system files, or perform requests on behalf of the server using malicious XML documents...

CVSS 9.8 | AI score 3.1 | EPSS 0.17044
Exploits 0 | References 72 | Affected Software 83

CNVD
added 2019/11/19 12:0 a.m., 2 views

newbee-mall SQL Injection Vulnerability

newbee-mall is an e-commerce system. A SQL injection vulnerability exists in the main/resources/mapper/NewBeeMallGoodsMapper.xml file in versions of newbee-mall prior to 2019-10-23, which stems from a lack of validation of externally entered SQL statements in database-based applications and can b...

CVSS 9.8 | AI score 8.1 | EPSS 0.01838
Exploits 1 | References 1

CNVD
added 2019/11/19 12:0 a.m., 3 views

SAS Institute SAS XML Mapper XML External Entity (XXE) Vulnerability

SAS Institute SAS XML Mapper is an XML mapper from the U.S. company SAS Institute. The product automatically analyzes the structure of XML files and generates basic metadata. An XML External Entity (XXE) vulnerability exists in SAS Institute SAS XML Mapper version 9.45. The vulnerability stems from an...

CVSS 10 | AI score 7 | EPSS 0.02951
Exploits 1 | References 1

CNVD
added 2019/11/19 12:0 a.m., 2 views

jackson-mapper-asl XML External Entity Vulnerability

jackson-mapper-asl is a data mapping package built on the Jackson JSON processor. An XML external entity vulnerability exists in version 1.9.x of jackson-mapper-asl. No vulnerability details are provided at this time...

CVSS 7.5 | AI score 7.8 | EPSS 0.17044
Exploits 0 | References 1

OSV
added 2019/11/18 5:15 p.m., 3 views

CVE-2019-19113

main/resources/mapper/NewBeeMallGoodsMapper.xml in newbee-mall aka New Bee before 2019-10-23 allows search?goodsCategoryId=&keyword= SQL Injection...

CVSS 9.8 | AI score 7.3 | EPSS 0.01838
Exploits 1 | References 1

OSV
added 2019/11/18 5:15 p.m., 2 views

DEBIAN-CVE-2019-10172

A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar to CVE-2016-3720 also affect codehaus jackson-mapper-asl libraries but in different classes...

CVSS 7.5 | AI score 6.4 | EPSS 0.17044
Exploits 0 | References 1