CVE-2026-1225

ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially...

Linux Distros Unpatched Vulnerability : CVE-2019-16943

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific...

GHSA-JJFH-589G-3HJX Spring Boot Actuator denial of service vulnerability

In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring M...

PT-2023-7931 · Spring · Spring Boot

Name of the Vulnerable Software and Affected Versions: Spring Boot versions 2.7.0 through 2.7.17 Spring Boot versions 3.0.0 through 3.0.12 Spring Boot versions 3.1.0 through 3.1.5 Description: The issue is related to the Spring Boot framework, where an application can be vulnerable to a...

SUSE CVE-2018-7489

FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of th...

SUSE CVE-2019-14439

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the logback jar in the classpath...

DEBIAN-CVE-2019-14439

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the logback jar in the classpath...

UBUNTU-CVE-2019-12814

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specificall...

DEBIAN-CVE-2017-17485

FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper,...