98 matches found
jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper
A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper...
jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper
A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper...
jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper
A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper...
jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper
A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper...
jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper
A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper...
jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper
A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper...
jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper
A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper...
jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper
A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper...
jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper
A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper...
PT-2017-4061
Name of the Vulnerable Software and Affected Versions jackson-databind versions prior to 2.6.7.1 jackson-databind versions prior to 2.7.9.1 jackson-databind versions prior to 2.8.9 jackson-databind versions 2.0.0 through 2.9.5 Description A deserialization flaw in the jackson-databind library is...
AZL-7171 CVE-2017-6828 affecting package audiofile 0.3.6-27
Heap-based buffer overflow in the readValue function in FileHandle.cpp in audiofile aka libaudiofile and Audio File Library 0.3.6 allows remote attackers to have unspecified impact via a crafted WAV file...
AZL-36920 CVE-2017-6828 affecting package audiofile 0.3.6-27
Heap-based buffer overflow in the readValue function in FileHandle.cpp in audiofile aka libaudiofile and Audio File Library 0.3.6 allows remote attackers to have unspecified impact via a crafted WAV file...
DEBIAN-CVE-2017-6828
Heap-based buffer overflow in the readValue function in FileHandle.cpp in audiofile aka libaudiofile and Audio File Library 0.3.6 allows remote attackers to have unspecified impact via a crafted WAV file...
UBUNTU-CVE-2017-6828
Heap-based buffer overflow in the readValue function in FileHandle.cpp in audiofile aka libaudiofile and Audio File Library 0.3.6 allows remote attackers to have unspecified impact via a crafted WAV file...
JDK: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix
The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 6.0.16.25, 6 R1 before SR8 FP25 6.1.8.25, 7 before SR9 FP40 7.0.9.40, 7 R1 before SR3 FP40 7.1.3.40, and 8 before SR3 8.0.3.0 does not properly deserialize classes in an AccessController...
HP eSupportDiagnostics ActiveX unauthorized access
Unsafe ReadTextFile / ReadValue methods allow file system / registry access...
CVE-2007-6513
HP eSupportDiagnostics ActiveX control hpediag.dll 1.0.11.0 exports dangerous methods, which allows remote attackers to 1 read arbitrary files via the ReadTextFile method, or 2 read arbitrary registry values via the ReadValue method...
CVE-2007-6513
HP eSupportDiagnostics ActiveX control hpediag.dll 1.0.11.0 exports dangerous methods, which allows remote attackers to 1 read arbitrary files via the ReadTextFile method, or 2 read arbitrary registry values via the ReadValue method...