
4278 matches found

IBM Security Bulletins
added 2020/08/06 2:23 p.m., 35 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

Summary: There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections. Vulnerability Details: CVEID: CVE-2020-2805...

CVSS: 8.3, AI score: 0.7, EPSS: 0.0623
Exploits: 0, Affected Software: 1

OSV
added 2020/08/05 2:53 p.m., 42 views

GHSA-86QR-9VQC-PGC6 Code execution in Spring Integration

Spring Integration framework provides Kryo Codec implementations as an alternative for Java deserialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when provided data contains malicious cod...

CVSS: 9.8, AI score: 9.4, EPSS: 0.04409
Exploits: 0, References: 8

IBM Security Bulletins
added 2020/08/04 5:26 a.m., 44 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterprise v11.

Summary: There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, used by IBM Integration Bus & IBM App Connect Enterprise v11. These issues were disclosed as part of the IBM Java SDK updates in April 2020. Vulnerability Details: CVEID: CVE-2020-2800 DESCRIPTION: An unspecified...

CVSS: 5.8, AI score: 1.7, EPSS: 0.04211
Exploits: 0, Affected Software: 1

RedhatCVE
added 2020/07/31 7:43 p.m., 43 views

CVE-2020-5411

When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets". Spring Batch configures Jackson with global default typing enabled which means...

CVSS: 6.8, AI score: 3, EPSS: 0.01856
Exploits: 0, References: 3

Cvelist
added 2020/07/31 7:40 p.m., 34 views

CVE-2020-5413 Kryo Configuration Allows Code Execution with Unknown "Serialization Gadgets"

Spring Integration framework provides Kryo Codec implementations as an alternative for Java deserialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when provided data contains malicious cod...

AI score: 9.5, EPSS: 0.04409
Exploits: 0, References: 5

RedHat Linux
added 2020/07/30 8:22 p.m., 4 views

jackson-databind: Serialization gadgets in org.springframework:spring-aop

A flaw was found in jackson-databind 2.x. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS: 8.1, AI score: 7.1, EPSS: 0.03607
Exploits: 0, References: 4

RedHat Linux
added 2020/07/30 8:22 p.m., 3 views

jackson-databind: Serialization gadgets in javax.swing.JEditorPane

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality...

CVSS: 8.8, AI score: 7.1, EPSS: 0.03473
Exploits: 0, References: 4

RedHat Linux
added 2020/07/30 8:22 p.m., 4 views

jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS: 8.1, AI score: 7.1, EPSS: 0.08072
Exploits: 0, References: 4

RedHat Linux
added 2020/07/30 8:22 p.m., 3 views

jackson-databind: Serialization gadgets in ibatis-sqlmap

A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS: 9.8, AI score: 7.1, EPSS: 0.18671
Exploits: 0, References: 4

RedHat Linux
added 2020/07/30 8:22 p.m., 3 views

jackson-databind: Serialization gadgets in shaded-hikari-config

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS: 9.8, AI score: 7.1, EPSS: 0.04613
Exploits: 0, References: 4

RedHat Linux
added 2020/07/30 8:22 p.m., 4 views

jackson-databind: serialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS: 8.1, AI score: 7.1, EPSS: 0.08607
Exploits: 0, References: 4

RedHat Linux
added 2020/07/30 8:22 p.m., 5 views

jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider

A flaw was found in jackson-databind 2.x prior to version 2.9.10.4. The interaction between serialization gadgets and typing is mishandled in the bus-proxy. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS: 8.8, AI score: 7.1, EPSS: 0.03538
Exploits: 0, References: 4

RedHat Linux
added 2020/07/30 8:22 p.m., 3 views

jackson-databind: Serialization gadgets in anteros-core

A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS: 9.8, AI score: 7.1, EPSS: 0.18345
Exploits: 0, References: 4

RedHat Linux
added 2020/07/29 6:21 a.m., 4 views

jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS: 8.1, AI score: 7.1, EPSS: 0.08072
Exploits: 0, References: 4

RedHat Linux
added 2020/07/29 6:21 a.m., 5 views

jackson-databind: serialization in weblogic/oracle-aqjms

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS: 8.1, AI score: 7.1, EPSS: 0.04421
Exploits: 0, References: 4

RedHat Linux
added 2020/07/29 6:21 a.m., 3 views

jackson-databind: serialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS: 8.1, AI score: 7.1, EPSS: 0.08607
Exploits: 0, References: 4

RedHat Linux
added 2020/07/29 6:21 a.m., 5 views

jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS: 8.8, AI score: 7.1, EPSS: 0.06278
Exploits: 0, References: 5

RedHat Linux
added 2020/07/29 6:21 a.m., 5 views

jackson-databind: Serialization gadgets in javax.swing.JEditorPane

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality...

CVSS: 8.8, AI score: 7.1, EPSS: 0.03473
Exploits: 0, References: 4

RedHat Linux
added 2020/07/29 6:21 a.m., 1 view

jackson-databind: Serialization gadgets in ibatis-sqlmap

A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS: 9.8, AI score: 7.1, EPSS: 0.18671
Exploits: 0, References: 4

RedHat Linux
added 2020/07/29 6:21 a.m., 3 views

jackson-databind: Serialization gadgets in commons-jelly:commons-jelly

A flaw was found in jackson-databind 2.x. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS: 8.1, AI score: 7.1, EPSS: 0.05594
Exploits: 0, References: 4