381 matches found
EUVD-2020-0440
Malware in sbrugna...
EUVD-2019-0198
Malware in sbrugna...
EUVD-2019-0186
Malware in sbrugna...
EUVD-2019-0173
Malware in sbrugna...
EUVD-2019-0181
Malware in sbrugna...
EUVD-2020-0420
Malware in sbrugna...
EUVD-2019-0182
Malware in sbrugna...
EUVD-2019-0191
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2018-14720
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity XXE attacks by leveraging failure to block unspecified JDK...
Linux Distros Unpatched Vulnerability : CVE-2018-19362
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from...
Linux Distros Unpatched Vulnerability : CVE-2019-12384
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from...
jackson-databind: default typing mishandling leading to remote code execution
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache and logback JNDI gadgets when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLAS...
jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution
A flaw was discovered in FasterXML jackson-databind in versions prior to 2.9.9. The vulnerability would permit polymorphic deserialization of malicious objects using the logback-core gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when...
RHEL 8 : opendaylight (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - jackson-databind: Serialization gadgets in classes of the ehcache package CVE-2019-17267 - A flaw was...
RHEL 7 : rh-maven35-jackson-databind (RHSA-2019:0782)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:0782 advisory. The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API...
Security Bulletin: IBM B2B Advanced Communications is vulnerable to multiple issues due to FasterXML jackson-databind
Summary IBM B2B Advanced Communications has addressed vulnerabilities in jackson-databind shipped with product. Vulnerability Details CVEID:CVE-2018-14719 DESCRIPTION: FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by the failure to block...
SUSE CVE-2018-14721
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery SSRF attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization...
SUSE CVE-2018-19360
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization...
SUSE CVE-2018-19362
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization...
SUSE CVE-2019-14893
A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when...