85 matches found

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2019-0191

Malware in sbrugna...

CVSS 9.8 | AI score 9.1 | EPSS 0.10599 | Exploits 0 | References 56
Tenable Nessus
added 2025/08/19 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2018-19361

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic...

CVSS 9.8 | AI score 8.2 | EPSS 0.10599 | Exploits 0 | References 2
RedhatCVE
added 2025/05/23 8:10 a.m. | 9 views

CVE-2024-54676

Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0 Description: Default clustering instructions at https://openmeetings.apache.org/Clustering.html doesn't specify white/black lists for OpenJPA this leads to possible deserialisation of untrusted...

CVSS 9.8 | AI score 9.4 | EPSS 0.65176 | Exploits 0 | References 1
Veracode
added 2025/01/14 3:46 a.m. | 13 views

Deserialization Of Untrusted Data

org.apache.openmeetings,openmeetings-parent is vulnerable to Deserialization of untrusted data. The vulnerability is due to the lack of proper configuration for the openjpa.serialization.class.blacklist and openjpa.serialization.class.whitelist settings in the clustering instructions, allowing an...

CVSS 9.8 | AI score 7.7 | EPSS 0.65176 | Exploits 0 | References 6 | Affected Software 1
OSV
added 2025/01/08 9:30 a.m. | 16 views

GHSA-MJF9-4PCV-VFG7 Apache OpenMeetings vulnerable to Deserialization of Untrusted Data

Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0 Description: Default clustering instructions at https://openmeetings.apache.org/Clustering.html doesn't specify white/black lists for OpenJPA this leads to possible deserialisation of untrusted...

CVSS 9.3 | AI score 9.5 | EPSS 0.65176 | Exploits 0 | References 6
CVE
added 2025/01/08 8:40 a.m. | 86 views

CVE-2024-54676

CVE-2024-54676 affects Apache OpenMeetings (2.1.0 up to 8.0.0, multiple entries across feeds). The issue is deserialization of untrusted data in cluster mode due to clustering instructions not specifying OpenJPA white/blacklists. Affected users are advised to upgrade to OpenMeetings 8.0.0 and to ...

CVSS 9.8 | AI score 6.6 | EPSS 0.65176 | Exploits 0 | References 2 | Affected Software 1
Positive Technologies
added 2025/01/08 12:0 a.m. | 5 views

PT-2025-3058

Name of the Vulnerable Software and Affected Versions Apache OpenMeetings versions 2.1.0 through 8.0.0 Description The default clustering instructions do not specify white/black lists for OpenJPA, leading to possible deserialization of untrusted data. This issue allows attackers to execute...

CVSS 10 | AI score 7.6 | EPSS 0.65176 | Exploits 0 | References 27
SUSE CVE
added 2023/02/15 4:22 a.m. | 4 views

SUSE CVE-2018-19361

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization...

CVSS 9.8 | AI score 8.9 | EPSS 0.10599 | Exploits 0 | References 2
SUSE CVE
added 2023/02/15 3:59 a.m. | 3 views

SUSE CVE-2020-11113

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime aka openjpa...

CVSS 8.8 | AI score 8.7 | EPSS 0.06278 | Exploits 0 | References 4
IBM Security Bulletins
added 2022/09/26 5:45 a.m. | 58 views

Security Bulletin: Potential security vulnerability in WebSphere Application Server CVE-2013-1768 PM86780

Abstract Potential security vulnerability in WebSphere Application Server Content VULNERABILITY DETAILS: CVE ID:CVE-2013-1768 PM86780, PM86786, PM86788 and PM86791 DESCRIPTION: Deserialization of a maliciously crafted OpenJPA object can result in an executable file being written to the file syste...

CVSS 7.5 | AI score 8.8 | EPSS 0.09511 | Exploits 0 | Affected Software 1
vulnersOsv
added 2022/05/14 3:30 a.m. | 1 view

br.net.woodstock.rockframework:rockframework-domain (>=1.2.1 <=1.2.2), com.evasion:Plugin-Junit (>=1.0.0.1 <=1.0.0.4) +182 more potentially affected by CVE-2013-1768 via org.apache.openjpa:openjpa (>=1.0.0 <=1.2.2)

org.apache.openjpa:openjpa MAVEN version =1.0.0, =1.2.1, =1.0.0.1, =0.1, =2.2, =2.2, =2.1, =2.1, =2.1, =2.1, =2.1, =2.1, =2.1, =2.1.4 and more Source cves: CVE-2013-1768 Source advisory: OSV:GHSA-J65F-MVGW-PRP2...

CVSS 7.5 | AI score 7.1 | EPSS 0.09511 | Exploits 0
vulnersOsv
added 2022/05/14 3:30 a.m. | 5 views

br.net.woodstock.rockframework:rockframework-domain (>=1.2.4 <=2.0.8), br.net.woodstock.rockframework:rockframework-persistence (>=2.0.0 <=2.0.8) +422 more potentially affected by CVE-2013-1768 via org.apache.openjpa:openjpa (>=2.0.0 <=2.2.1)

org.apache.openjpa:openjpa MAVEN version =2.0.0, =1.2.4, =2.0.0, =1.0.0, =1.0.0, =18.0.0.3, =18.0.0.3, =18.0.0.3, =18.0.0.3, =18.0.0.3, =18.0.0.3, =18.0.0.3, =1.0.0, =0.20, =0.20, =2.1.0-rc.3 and more Source cves: CVE-2013-1768 Source advisory: OSV:GHSA-J65F-MVGW-PRP2...

CVSS 7.5 | AI score 7.1 | EPSS 0.09511 | Exploits 0
Github Security Blog
added 2022/05/14 3:30 a.m. | 27 views

Deserialization of Untrusted Data in Apache OpenJPA

The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by...

CVSS 7.5 | AI score 4.7 | EPSS 0.09511 | Exploits 0 | References 17 | Affected Software 1
OSV
added 2022/05/14 3:30 a.m. | 1 view

GHSA-J65F-MVGW-PRP2 Deserialization of Untrusted Data in Apache OpenJPA

The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by...

CVSS 7.5 | AI score 7.5 | EPSS 0.09511 | Exploits 0 | References 17
vulnersOsv
added 2022/05/13 1:28 a.m. | 4 views

org.graniteds:granite-beanvalidation (>=2.1.0.GA <=3.0.0.M3), org.graniteds:granite-cdi (>=2.1.0.GA <=3.0.0.M3) +26 more potentially affected by CVE-2017-3199 via org.graniteds:granite-core (>=1.1.0.GA <=3.0.0.M3)

org.graniteds:granite-core MAVEN version =1.1.0.GA, =2.1.0.GA, =2.1.0.GA, =2.0.0.B1, =1.2.0, =1.1.0.GA, =1.1.0.GA, =1.1.0.GA, =2.3.0.GA, =2.0.0.B1, =1.1.0.GA, =2.0.0.B1, =2.0.0.B1, =1.1.0.GA, =1.2.0, =1.2.0SP1 and more Source cves: CVE-2017-3199 Source advisory: OSV:GHSA-8M35-R25C-QR56...

CVSS 8.1 | AI score 7.2 | EPSS 0.06148 | Exploits 2
OpenVAS
added 2022/01/28 12:0 a.m. | 25 views

Mageia: Security Advisory (MGASA-2013-0292)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 8.8 | EPSS 0.09511 | Exploits 0 | References 4
RedhatCVE
added 2021/08/22 1:6 p.m. | 30 views

CVE-2018-19361

A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the OpenJPA class. An attacker could use this flaw to execute arbitrary code...

CVSS 9.8 | AI score 4.1 | EPSS 0.10599 | Exploits 0 | References 2
BDU FSTEC
added 2021/02/16 12:0 a.m. | 4 views

The vulnerability of the org.apache.openjpa.ee.WASRegistryManagedRuntime component in the Jackson-databind library of the FasterXML project allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the org.apache.openjpa.ee.WASRegistryManagedRuntime component in the Jackson-databind library of the FasterXML project is related to the restoration of unreliable data in memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrit...

CVSS 9.3 | AI score 7.4 | EPSS 0.06278 | Exploits 0 | References 10 | Affected Software 31
RedHat Linux
added 2020/12/17 4:40 p.m. | 2 views

jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 8.8 | AI score 7.1 | EPSS 0.06278 | Exploits 0 | References 5
RedHat Linux
added 2020/06/15 4:18 p.m. | 2 views

jackson-databind: improper polymorphic deserialization in openjpa class

A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the OpenJPA class. An attacker could use this flaw to execute arbitrary code...

CVSS 9.8 | AI score 7.7 | EPSS 0.10599 | Exploits 0 | References 4