Lucene search

4276 matches found

Cent OS
added 2020/04/30 7:53 p.m. | 427 views

java security update

CentOS Errata and Security Advisory CESA-2020:1512 An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detail...

CVSS 8.3 | AI score 6.7 | EPSS 0.0623
Exploits: 0 | References: 7
IBM Security Bulletins
added 2020/04/29 11:17 a.m. | 39 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for SAP Applications

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by Content Collector for SAP Applications. These issues were disclosed as part of the IBM Java SDK updates in January 2020. Vulnerability Details CVEID: CVE-2020-2593 DESCRIPTION: An unspecified vulnerability in...

CVSS 7.2 | AI score 1.2 | EPSS 0.04221
Exploits: 0 | Affected Software: 1
RedHat Linux
added 2020/04/28 4:10 p.m. | 4 views

jackson-databind: Serialization gadgets in shaded-hikari-config

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 9.8 | AI score 7.1 | EPSS 0.04613
Exploits: 0 | References: 4
RedHat Linux
added 2020/04/28 4:10 p.m. | 6 views

jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 8.8 | AI score 7.1 | EPSS 0.02959
Exploits: 0 | References: 4
RedHat Linux
added 2020/04/28 4:10 p.m. | 4 views

jackson-databind: Serialization gadgets in ibatis-sqlmap

A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 9.8 | AI score 7.1 | EPSS 0.18671
Exploits: 0 | References: 4
RedHat Linux
added 2020/04/28 4:10 p.m. | 3 views

jackson-databind: Serialization gadgets in anteros-core

A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 9.8 | AI score 7.1 | EPSS 0.18345
Exploits: 0 | References: 4
OSV
added 2020/04/28 9:0 a.m. | 35 views

ALSA-2020:1644 Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update

The Public Key Infrastructure PKI Core contains fundamental packages required by AlmaLinux Certificate System. Security Fixes: jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig CVE-2019-14540 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource...

CVSS 9.8 | AI score 9.2 | EPSS 0.26587
Exploits: 6 | References: 13
Rockylinux
added 2020/04/28 9:0 a.m. | 48 views

pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update

An update is available for jackson-core, glassfish-jaxb-api, glassfish-fastinfoset, xalan-j2, xmlstreambuffer, jackson-annotations, jackson-databind, apache-commons-lang, jackson-module-jaxb-annotations, apache-commons-collections, javassist, python-nss, bea-stax, velocity, xml-commons-apis,...

CVSS 9.8 | AI score 1.7 | EPSS 0.26587
Exploits: 6
Tenable Nessus
added 2020/04/28 12:0 a.m. | 246 views

CentOS 6 : java-1.7.0-openjdk (RHSA-2020:1508)

The remote CentOS Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1508 advisory. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE:...

CVSS 8.3 | AI score 6.5 | EPSS 0.0623
Exploits: 0 | References: 9
Tenable Nessus
added 2020/04/28 12:0 a.m. | 254 views

CentOS 6 : java-1.8.0-openjdk (RHSA-2020:1506)

The remote CentOS Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1506 advisory. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Scripting. Supported versions that are affected are Java SE: 8u24...

CVSS 8.3 | AI score 6.5 | EPSS 0.0623
Exploits: 0 | References: 11
Tenable Nessus
added 2020/04/28 12:0 a.m. | 49 views

RHEL 8 : pki-core:10.6 and pki-deps:10.6 (RHSA-2020:1644)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1644 advisory. The Public Key Infrastructure PKI Core contains fundamental packages required by Red Hat Certificate System. Security Fixes: jackson-databin...

CVSS 9.8 | AI score 7.7 | EPSS 0.26587
Exploits: 6 | References: 36
Fedora
added 2020/04/26 2:49 a.m. | 34 views

[SECURITY] Fedora 31 Update: snakeyaml-1.26-1.fc31

SnakeYAML features: a complete YAML 1.1 parser. In particular, SnakeYAML can parse all examples from the specification. Unicode support including UTF-8/UTF-16 input/output. high-level API for serializing and deserializing native Java objects. support for all types from the YAML types repository...

CVSS 7.5 | AI score 3.1 | EPSS 0.26723
Exploits: 1
Mageia
added 2020/04/24 5:3 p.m. | 88 views

Updated java-1.8.0-openjdk packages fix security vulnerabilities

Updated java-1.8.0-openjdk packages fix security vulnerabilities: Misplaced regular expression syntax error check in RegExpScanner Scripting, 8223898 CVE-2020-2754 Incorrect handling of empty string nodes in regular expression Parser Scripting, 8223904 CVE-2020-2755 Incorrect handling of referenc...

CVSS 8.3 | AI score 1.3 | EPSS 0.0623
Exploits: 0 | References: 3
OSV
added 2020/04/24 5:3 p.m. | 10 views

MGASA-2020-0182 Updated java-1.8.0-openjdk packages fix security vulnerabilities

Updated java-1.8.0-openjdk packages fix security vulnerabilities: Misplaced regular expression syntax error check in RegExpScanner Scripting, 8223898 CVE-2020-2754 Incorrect handling of empty string nodes in regular expression Parser Scripting, 8223904 CVE-2020-2755 Incorrect handling of referenc...

CVSS 8.3 | AI score 6.5 | EPSS 0.0623
Exploits: 0 | References: 4
IBM Security Bulletins
added 2020/04/24 4:52 a.m. | 43 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Websphere Message Broker V8.

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, used by WebSphere Message Broker. These issues were disclosed as part of the IBM Java SDK updates in Jan 2020. Vulnerability Details CVEID: CVE-2020-2604 DESCRIPTION: An unspecified vulnerability in Java SE could all...

CVSS 8.1 | AI score 1.2 | EPSS 0.04903
Exploits: 0 | Affected Software: 1
Tenable Nessus
added 2020/04/24 12:0 a.m. | 53 views

Oracle Linux 7 : java-11-openjdk (ELSA-2020-1509)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1509 advisory. 1:11.0.7.10-4.0.1 - link atomic for ix86 build 1:11.0.7.10-4 - Add JDK-8228407 backport to resolve crashes during verification. - Resolves: rhbz1810557...

CVSS 8.3 | AI score 6.7 | EPSS 0.0623
Exploits: 0 | References: 14
Tenable Nessus
added 2020/04/24 12:0 a.m. | 42 views

Oracle Linux 8 : java-1.8.0-openjdk (ELSA-2020-1515)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1515 advisory. 1:1.8.0.252.b09-2 - Add release notes. - Resolves: rhbz1810557 1:1.8.0.252.b09-1 - Make use of --with-extra-asflags introduced in jdk8u252-b01. -...

CVSS 8.3 | AI score 6.7 | EPSS 0.0623
Exploits: 0 | References: 11
Tenable Nessus
added 2020/04/24 12:0 a.m. | 36 views

Oracle Linux 7 : java-1.7.0-openjdk (ELSA-2020-1507)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1507 advisory. 1:1.7.0.261-2.6.22.2.0.1 - Update DISTRONAME in specfile 1:1.7.0.261-2.6.22.2 - Modify NEWS installation to avoid subpackage naming. - Resolves:...

CVSS 8.3 | AI score 6.7 | EPSS 0.0623
Exploits: 0 | References: 9
Tenable Nessus
added 2020/04/24 12:0 a.m. | 260 views

Oracle Linux 8 : java-11-openjdk (ELSA-2020-1514)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1514 advisory. 1:11.0.7.10-1 - Add JDK-8228407 backport to resolve crashes during verification. - Resolves: rhbz1810557 1:11.0.7.10-1 - Amend release notes, removing...

CVSS 8.3 | AI score 6.7 | EPSS 0.0623
Exploits: 0 | References: 14
OSV
added 2020/04/23 9:36 p.m. | 2 views

GHSA-758M-V56V-GRJ4 jackson-databind mishandles the interaction between serialization gadgets and typing

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane...

CVSS 8.8 | AI score 7.1 | EPSS 0.03473
Exploits: 0 | References: 11