EUVD-2019-0658

Malware in sbrugna...

EUVD-2019-0670

Malware in sbrugna...

Security Bulletin: Jackson-databind vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-14439, CVE-2019-14379)

Summary Jackson-databind is vulnerable to a remote attacker obtaining sensitive information or executing arbitrary code on the system which affects IBM Spectrum Control formerly Tivoli Storage Productivity Center. Vulnerability Details CVE-ID: CVE-2019-14439 Description: FasterXML jackson-databin...

FreeBSD : Payara -- A Polymorphic Typing issue in FasterXML jackson-databind (bd159669-0808-11eb-a3a4-0019dbb15b3f)

Payara Releases reports : The following is a list of tracked Common Vulnerabilities and Exposures that have been reported and analyzed, which can or have impacted Payara Server across releases : - CVE-2019-12086 A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before...

Important: Red Hat Security Advisory: Red Hat AMQ Streams 1.4.0 release and security update

Red Hat AMQ Streams 1.4.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

Moderate: Red Hat Security Advisory: Red Hat Process Automation Manager 7.7.0 Security Update

An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

Security Bulletin: A vulnerability has been identified in FasterXML Jackson library shipped with IBM Tivoli Netcool/OMNIbus Common Integration Libraries (CVE-2019-14540)

Summary FasterXML Jackson library is shipped as a component of IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library and Transformer for Message Bus Integration. Information about security vulnerabilities affecting FasterXML Jackson library has been published. Vulnerability Detai...

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in FasterXML jackson-databind

Summary IBM Watson Discovery for IBM Cloud Pak for Data ships with versions of FasterXML jackson-databind vulnerable to serialization gadgets. Vulnerability Details CVEID: CVE-2019-17531 DESCRIPTION: A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. Whe...

Security Bulletin: Netcool Operations Insight - Cloud Native Event Analytics is affected by a FasterXML jackson-databind vulnerability (CVE-2019-14439)

Summary Netcool Operations Insight - Cloud Native Event Analytics has addressed the following vulnerability in FasterXML jackson-databind Vulnerability Details CVEID: CVE-2019-14439 DESCRIPTION: A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occur...

Security Bulletin: Vulnerability in Jackson-Databind Affects IBM Global High Availability Mailbox (CVE-2019-12814)

Summary Vulnerability CVE-2019-12814 in jackson-databind affects IBM Global High Availability Mailbox Vulnerability Details CVEID:CVE-2019-12814 DESCRIPTION: FasterXML jackson-databind could enable a remote attacker to obtain sensitive information, where the vulnerability is caused by a polymorph...

Remote Code Execution

FasterXML jackson-databind is vulnerable to deserialization of untrusted data. There is a polymorphic typing issue because there are more than one association gadget types related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup...

UBUNTU-CVE-2019-17267

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup...

RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.2.4 on RHEL 6 Security update (Important) (RHSA-2019:2935)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2935 advisory. This release of Red Hat JBoss Enterprise Application Platform 7.2.4 serves as a replacement for Red Hat JBoss Enterprise Application Platfor...

Design/Logic Flaw

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint, the service has the mysql-connector-java jar 8.0.14 or earlier in the classpath, and an...

CVE-2019-12086

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint, the service has the mysql-connector-java jar 8.0.14 or earlier in the classpath, and an...