857 matches found
Code injection
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specificall...
CVE-2019-12814
CVE-2019-12814 is detailed in an IBM security bulletin related to Cloudera Observability on Premises (IBM) 3.5.3. The flaw stems from a polymorphic-typing deserialization issue in FasterXML jackson-databind 2.x up to 2.9.9. When Default Typing is enabled for an externally exposed JSON endpoint an...
CVE-2019-12814
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specificall...
CVE-2019-12814
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specificall...
CVE-2019-12814
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specificall...
PT-2019-3866 · Fasterxml +3 · Jackson-Databind +3
Name of the Vulnerable Software and Affected Versions: FasterXML jackson-databind versions 2.x through 2.9.9 Description: A Polymorphic Typing issue was discovered in FasterXML jackson-databind. When Default Typing is enabled for an externally exposed JSON endpoint and the service has JDOM 1.x or...
Deserialization Of Untrusted Object
jackson-databind is vulnerable to deserialization of untrusted object. The attack exists because it does not validate the gadget type before performing deserialization of polymorphic types with no limits...
Unsafe Deserialization
jackson-databind is vulnerable to arbitrary code execution via unsafe deserialization. Lack of object validation before deserialization allows an attacker to execute arbitrary code using polymorphic deserialization of a malicious gadget type...
Security Bulletin: Vulnerability affects IBM Cloud Object Storage SDK Java (June 2019)
Summary Vulnerability affects IBM Cloud Object Storage SDK Java. It has been addressed in the latest SDK Java release. Vulnerability Details CVE-ID: CVE-2019-12086 Description: FasterXML jackson-databind could allow a remote attacker to obtain sensitive information, caused by a Polymorphic Typing...
GHSA-5WW9-J83M-Q7QX Information exposure in FasterXML jackson-databind
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint, the service has the mysql-connector-java jar 8.0.14 or earlier in the classpath, and an...
Information exposure in FasterXML jackson-databind
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint, the service has the mysql-connector-java jar 8.0.14 or earlier in the classpath, and an...
Debian DLA-1798-1 : jackson-databind security update
A Polymorphic Typing issue was discovered in jackson-databind, a JSON library for Java. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint, the service has the mysql-connector-java jar 8.0.14 or earlier in the classpath, and an attack...
Debian: Security Advisory (DLA-1798-1)
The remote host is missing an update for the Debian... SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Design/Logic Flaw
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint, the service has the mysql-connector-java jar 8.0.14 or earlier in the classpath, and an...
UBUNTU-CVE-2019-12086
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint, the service has the mysql-connector-java jar 8.0.14 or earlier in the classpath, and an...
CVE-2019-12086
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint, the service has the mysql-connector-java jar 8.0.14 or earlier in the classpath, and an...
CVE-2019-12086
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint, the service has the mysql-connector-java jar 8.0.14 or earlier in the classpath, and an...
CVE-2019-12086
CVE-2019-12086 involves a polymorphic typing issue in FasterXML jackson-databind 2.x prior to 2.9.9. When Default Typing is enabled for an externally exposed JSON endpoint and a victim service has mysql-connector-java (8.0.14 or earlier) on the classpath, an attacker can send a crafted JSON to re...
CVE-2019-12086
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint, the service has the mysql-connector-java jar 8.0.14 or earlier in the classpath, and an...
CVE-2019-12086
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint, the service has the mysql-connector-java jar 8.0.14 or earlier in the classpath, and an...