Lucene search

4276 matches found

OSV
added 2020/05/15 6:58 p.m. | 2 views

GHSA-9VVP-FXW6-JCXR jackson-databind mishandles the interaction between serialization gadgets and typing

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime aka openjpa...

CVSS 8.8 | AI score 7.2 | EPSS 0.06278
Exploits: 0 | References: 12

GitHub Security Blog
added 2020/05/15 6:58 p.m. | 128 views

jackson-databind mishandles the interaction between serialization gadgets and typing

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime aka openjpa...

CVSS 8.8 | AI score 3.7 | EPSS 0.06278
Exploits: 0 | References: 12 | Affected Software: 1

OSV
added 2020/05/15 6:58 p.m. | 7 views

GHSA-27XJ-RQX5-2255 jackson-databind mishandles the interaction between serialization gadgets and typing

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean aka spring-aop...

CVSS 8.1 | AI score 7.1 | EPSS 0.03607
Exploits: 0 | References: 12

GitHub Security Blog
added 2020/05/15 6:58 p.m. | 164 views

jackson-databind mishandles the interaction between serialization gadgets and typing

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean aka spring-aop...

CVSS 8.1 | AI score 3.5 | EPSS 0.03607
Exploits: 0 | References: 12 | Affected Software: 1

Veracode
added 2020/05/15 5:27 a.m. | 47 views

Insecure Deserialization

camel-netty is vulnerable to insecure deserialization. If no codec is specified, it deserializes objects using Java serialization by default rather than restricting input to Strings...

CVSS 9.8 | AI score 3.4 | EPSS 0.06592
Exploits: 0 | References: 8 | Affected Software: 1

Tenable Nessus
added 2020/05/15 12:0 a.m. | 61 views

Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2020-1365)

The version of java-1.7.0-openjdk installed on the remote host is prior to 1.7.0.261-2.6.22.1.83. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1365 advisory. Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization...

CVSS 8.3 | AI score 6.7 | EPSS 0.0623
Exploits: 0 | References: 17

OpenVAS
added 2020/05/15 12:0 a.m. | 27 views

TYPO3 9.0.0 < 9.5.17, 10.0.0 < 10.4.2 Multiple Vulnerabilities (TYPO3-CORE-SA-2020-002, TYPO3-CORE-SA-2020-004 to TYPO3-CORE-SA-2020-006)

TYPO3 is prone to multiple vulnerabilities...

CVSS 10 | AI score 7.2 | EPSS 0.0199
Exploits: 0 | References: 8

Amazon
added 2020/05/13 12:0 a.m. | 151 views

Important: java-1.7.0-openjdk

Issue Overview: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with networ...

CVSS 8.3 | AI score 6.7 | EPSS 0.0623
Exploits: 0

Tenable Nessus
added 2020/05/13 12:0 a.m. | 49 views

Amazon Linux 2 : java-1.7.0-openjdk (ALAS-2020-1424)

The version of java-1.7.0-openjdk installed on the remote host is prior to 1.7.0.261-2.6.22.2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1424 advisory. Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization...

CVSS 8.3 | AI score 6.7 | EPSS 0.0623
Exploits: 0 | References: 17

Packet Storm
added 2020/05/12 12:0 a.m. | 119 views

TylerTech Eagle 2018.3.11 Remote Code Execution

Exploit Title: TylerTech Eagle 2018.3.11 - Remote Code Execution Date: 2019-10-08 Exploit Author: Anthony Cole Vendor Homepage: https://www.tylertech.com/products/eagle Version: 2018.3.11 Tested on: Windows 2012 CVE: N/A Category: webapps Eagle is a software written in Java by TylerTech. Version...

AI score 0.1
Exploits: 0

CNVD
added 2020/05/08 12:0 a.m. | 2 views

Mozilla Firefox Code Issue Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox versions prior to 76, which stems from the program failing to properly serialize nsIPrincipal.origin for IPv6 addresses. A remote attacker could explo...

CVSS 9.8 | AI score 8.6 | EPSS 0.01582
Exploits: 0 | References: 1

OpenVAS
added 2020/05/08 12:0 a.m. | 33 views

MongoDB 3.6 < 3.6.18, 4.0 < 4.0.15, 4.2 < 4.2.3, 4.3 < 4.3.3 Improper Serialization Vulnerability - Windows

MongoDB is prone to an improper serialization vulnerability in the authorization subsystem...

CVSS 5.3 | AI score 5.5 | EPSS 0.0066
Exploits: 0 | References: 1

OpenVAS
added 2020/05/08 12:0 a.m. | 26 views

MongoDB 3.6 < 3.6.18, 4.0 < 4.0.15, 4.2 < 4.2.3, 4.3 < 4.3.3 Improper Serialization Vulnerability - Linux

MongoDB is prone to an improper serialization vulnerability in the authorization subsystem...

CVSS 5.3 | AI score 5.5 | EPSS 0.0066
Exploits: 0 | References: 1

UbuntuCve
added 2020/05/07 12:0 a.m. | 13 views

CVE-2020-12390

Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks. This vulnerability affects Firefox 76...

CVSS 9.8 | AI score 7.2 | EPSS 0.01582
Exploits: 0 | References: 3

Tenable Nessus
added 2020/05/07 12:0 a.m. | 103 views

Amazon Linux 2 : java-1.8.0-openjdk (ALAS-2020-1421)

The version of java-1.8.0-openjdk installed on the remote host is prior to 1.8.0.252.b09-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1421 advisory. Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization...

CVSS 8.3 | AI score 6.6 | EPSS 0.0623
Exploits: 0 | References: 21

OSV
added 2020/05/07 12:0 a.m. | 0 views

UBUNTU-CVE-2020-12390

Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks. This vulnerability affects Firefox 76...

CVSS 9.8 | AI score 7.3 | EPSS 0.01582
Exploits: 0 | References: 4

UbuntuCve
added 2020/05/06 3:15 p.m. | 15 views

CVE-2020-7921

Improper serialization of internal state in the authorization subsystem in MongoDB Server's authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action. This issue affects MongoDB Server v4.2 versions prior to 4.2.3...

CVSS 5.3 | AI score 6.1 | EPSS 0.0066
Exploits: 0 | References: 2

OSV
added 2020/05/06 3:15 p.m. | 1 views

UBUNTU-CVE-2020-7921

Improper serialization of internal state in the authorization subsystem in MongoDB Server's authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action. This issue affects MongoDB Server v4.2 versions prior to 4.2.3...

CVSS 5.3 | AI score 6 | EPSS 0.0066
Exploits: 0 | References: 3

Tenable Nessus
added 2020/05/01 12:0 a.m. | 31 views

EulerOS Virtualization for ARM 64 3.0.2.0 : numpy (EulerOS-SA-2020-1545)

According to the version of the numpy packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - DISPUTED An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remo...

CVSS 9.8 | AI score 8.3 | EPSS 0.17078
Exploits: 2 | References: 2

CentOS
added 2020/04/30 7:54 p.m. | 265 views

java security update

CentOS Errata and Security Advisory CESA-2020:1507 An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detail...

CVSS 8.3 | AI score 6.7 | EPSS 0.0623
Exploits: 0 | References: 7