4276 matches found

OSV
added 2020/06/14 8:15 p.m. | 30 views

CVE-2020-14061

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and...

CVSS 8.1 | AI score 6.5
Exploits 0 | References 9
OSV
added 2020/06/14 8:15 p.m. | 24 views

CVE-2020-14062

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool aka xalan2...

CVSS 8.1 | AI score 6.5
Exploits 0 | References 9
UbuntuCve
added 2020/06/14 8:15 p.m. | 32 views

CVE-2020-14062

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool aka xalan2...

CVSS 8.1 | AI score 6.8 | EPSS 0.08072
Exploits 0 | References 4
UbuntuCve
added 2020/06/14 8:15 p.m. | 24 views

CVE-2020-14061

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and...

CVSS 8.1 | AI score 6.8 | EPSS 0.04421
Exploits 0 | References 4
Prion
added 2020/06/14 8:15 p.m. | 26 views

Design/Logic Flaw

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool aka xalan2...

CVSS 6.8 | AI score 8.6 | EPSS 0.08072
Exploits 0 | References 9 | Affected Software 12
Prion
added 2020/06/14 8:15 p.m. | 26 views

Memory corruption

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and...

CVSS 6.8 | AI score 8.6 | EPSS 0.04421
Exploits 0 | References 9 | Affected Software 14
OSV
added 2020/06/14 8:15 p.m. | 5 views

UBUNTU-CVE-2020-14062

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool aka xalan2...

CVSS 8.1 | AI score 6.8 | EPSS 0.08072
Exploits 0 | References 5
OSV
added 2020/06/14 8:15 p.m. | 4 views

UBUNTU-CVE-2020-14061

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and...

CVSS 8.1 | AI score 6.8 | EPSS 0.04421
Exploits 0 | References 5
Cvelist
added 2020/06/14 7:42 p.m. | 21 views

CVE-2020-14061

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and...

AI score 8.7 | EPSS 0.04421
Exploits 0 | References 9
CVE
added 2020/06/14 7:42 p.m. | 462 views

CVE-2020-14061

CVE-2020-14061 concerns Jackson Databind 2.x before 2.9.10.5, where deserialization gadgets typing interaction (including oracle.jms.AQjms* components) can be exploited. IBM and NVD references show a high-severity exposure (base scores up to 8.1–9.8) with network attack vector and partial to high...

CVSS 8.1 | AI score 8.5 | EPSS 0.04421
Exploits 0 | References 9 | Affected Software 1
Debian CVE
added 2020/06/14 7:42 p.m. | 44 views

CVE-2020-14061

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and...

CVSS 8.1 | AI score 7.7 | EPSS 0.04421
Exploits 0
Vulnrichment
added 2020/06/14 7:42 p.m. | 2 views

CVE-2020-14061

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and...

AI score 7.1 | EPSS 0.04421
Exploits 0 | References 9
Cvelist
added 2020/06/14 7:42 p.m. | 26 views

CVE-2020-14062

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool aka xalan2...

AI score 8.7 | EPSS 0.08072
Exploits 0 | References 9
CVE
added 2020/06/14 7:42 p.m. | 447 views

CVE-2020-14062

CVE-2020-14062 affects jackson-databind 2.x prior to 2.9.10.5, where interaction between serialization gadgets and typing (related to JNDIConnectionPool) can lead to deserialization abuse with high impact. IBM/X-Force entries consolidate this as a 9.8/3.0 vulnerability. In the connected IBM bulle...

CVSS 8.1 | AI score 8.6 | EPSS 0.08072
Exploits 0 | References 9 | Affected Software 1
Debian CVE
added 2020/06/14 7:42 p.m. | 32 views

CVE-2020-14062

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool aka xalan2...

CVSS 8.1 | AI score 7.8 | EPSS 0.08072
Exploits 0
Cvelist
added 2020/06/11 5:0 p.m. | 43 views

CVE-2020-5411 Jackson Configuration Allows Code Execution with Unknown "Serialization Gadgets"

When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets". Spring Batch configures Jackson with global default typing enabled which means...

AI score 8.3 | EPSS 0.01856
Exploits 0 | References 1
RedHat Linux
added 2020/06/11 9:11 a.m. | 4 views

jackson-databind: Serialization gadgets in ibatis-sqlmap

A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 9.8 | AI score 7.1 | EPSS 0.18671
Exploits 0 | References 4
RedHat Linux
added 2020/06/11 9:11 a.m. | 2 views

jackson-databind: Serialization gadgets in anteros-core

A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 9.8 | AI score 7.1 | EPSS 0.18345
Exploits 0 | References 4
RedHat Linux
added 2020/06/11 9:11 a.m. | 86 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.1 Security update

An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

CVSS 9.8 | AI score 7 | EPSS 0.26587
Exploits 7 | References 75
RedHat Linux
added 2020/06/11 9:11 a.m. | 3 views

jackson-databind: Serialization gadgets in shaded-hikari-config

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 9.8 | AI score 7.1 | EPSS 0.04613
Exploits 0 | References 4