java security update
CentOS Errata and Security Advisory CESA-2020:1512. An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detail...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for SAP Applications
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by Content Collector for SAP Applications. These issues were disclosed as part of the IBM Java SDK updates in January 2020. Vulnerability Details CVEID: CVE-2020-2593 DESCRIPTION: An unspecified vulnerability in...
jackson-databind: Serialization gadgets in shaded-hikari-config
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
jackson-databind: Serialization gadgets in ibatis-sqlmap
A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
jackson-databind: Serialization gadgets in anteros-core
A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
ALSA-2020:1644 Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
The Public Key Infrastructure (PKI) Core contains fundamental packages required by AlmaLinux Certificate System. Security Fixes: jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig (CVE-2019-14540); jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource...
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
An update is available for jackson-core, glassfish-jaxb-api, glassfish-fastinfoset, xalan-j2, xmlstreambuffer, jackson-annotations, jackson-databind, apache-commons-lang, jackson-module-jaxb-annotations, apache-commons-collections, javassist, python-nss, bea-stax, velocity, xml-commons-apis,...
CentOS 6 : java-1.7.0-openjdk (RHSA-2020:1508)
The remote CentOS Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1508 advisory. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE:...
CentOS 6 : java-1.8.0-openjdk (RHSA-2020:1506)
The remote CentOS Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1506 advisory. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Scripting. Supported versions that are affected are Java SE: 8u24...
RHEL 8 : pki-core:10.6 and pki-deps:10.6 (RHSA-2020:1644)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1644 advisory. The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System. Security Fixes: jackson-databin...
[SECURITY] Fedora 31 Update: snakeyaml-1.26-1.fc31
SnakeYAML features: a complete YAML 1.1 parser. In particular, SnakeYAML can parse all examples from the specification. Unicode support including UTF-8/UTF-16 input/output. high-level API for serializing and deserializing native Java objects. support for all types from the YAML types repository...
Updated java-1.8.0-openjdk packages fix security vulnerabilities
Updated java-1.8.0-openjdk packages fix security vulnerabilities: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) (CVE-2020-2754); Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) (CVE-2020-2755); Incorrect handling of referenc...
MGASA-2020-0182 Updated java-1.8.0-openjdk packages fix security vulnerabilities
Updated java-1.8.0-openjdk packages fix security vulnerabilities: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) (CVE-2020-2754); Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) (CVE-2020-2755); Incorrect handling of referenc...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Websphere Message Broker V8.
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, used by WebSphere Message Broker. These issues were disclosed as part of the IBM Java SDK updates in Jan 2020. Vulnerability Details CVEID: CVE-2020-2604 DESCRIPTION: An unspecified vulnerability in Java SE could all...
Oracle Linux 7 : java-11-openjdk (ELSA-2020-1509)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1509 advisory. 1:11.0.7.10-4.0.1 - link atomic for ix86 build 1:11.0.7.10-4 - Add JDK-8228407 backport to resolve crashes during verification. - Resolves: rhbz1810557...
Oracle Linux 8 : java-1.8.0-openjdk (ELSA-2020-1515)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1515 advisory. 1:1.8.0.252.b09-2 - Add release notes. - Resolves: rhbz1810557 1:1.8.0.252.b09-1 - Make use of --with-extra-asflags introduced in jdk8u252-b01. -...
Oracle Linux 7 : java-1.7.0-openjdk (ELSA-2020-1507)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1507 advisory. 1:1.7.0.261-2.6.22.2.0.1 - Update DISTRONAME in specfile 1:1.7.0.261-2.6.22.2 - Modify NEWS installation to avoid subpackage naming. - Resolves:...
Oracle Linux 8 : java-11-openjdk (ELSA-2020-1514)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1514 advisory. 1:11.0.7.10-1 - Add JDK-8228407 backport to resolve crashes during verification. - Resolves: rhbz1810557 1:11.0.7.10-1 - Amend release notes, removing...
GHSA-758M-V56V-GRJ4 jackson-databind mishandles the interaction between serialization gadgets and typing
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane...