4275 matches found

Github Security Blog
added 2020/04/23 9:8 p.m. | 85 views

jackson-databind mishandles the interaction between serialization gadgets and typing

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig aka shaded hikari-config...

9.8 CVSS | 3.2 AI score | 0.04613 EPSS
Exploits: 0 | References: 29 | Affected Software: 1

OSV
added 2020/04/23 9:8 p.m. | 1 view

GHSA-5P34-5M6P-P58G jackson-databind mishandles the interaction between serialization gadgets and typing

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig aka shaded hikari-config...

9.8 CVSS | 7.1 AI score | 0.04613 EPSS
Exploits: 0 | References: 29

Github Security Blog
added 2020/04/23 8:19 p.m. | 67 views

jackson-databind mishandles the interaction between serialization gadgets and typing

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded aka commons-jelly...

8.1 CVSS | 3.5 AI score | 0.05594 EPSS
Exploits: 0 | References: 12 | Affected Software: 1

OSV
added 2020/04/23 8:19 p.m. | 0 views

GHSA-H4RC-386G-6M85 jackson-databind mishandles the interaction between serialization gadgets and typing

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded aka commons-jelly...

8.1 CVSS | 7.1 AI score | 0.05594 EPSS
Exploits: 0 | References: 12

Github Security Blog
added 2020/04/23 4:32 p.m. | 77 views

jackson-databind mishandles the interaction between serialization gadgets and typing

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory aka aries.transaction.jms...

8.8 CVSS | 3.5 AI score | 0.02959 EPSS
Exploits: 0 | References: 13 | Affected Software: 1

OSV
added 2020/04/23 4:32 p.m. | 0 views

GHSA-95CM-88F5-F2C7 jackson-databind mishandles the interaction between serialization gadgets and typing

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory aka aries.transaction.jms...

8.8 CVSS | 6.9 AI score | 0.02959 EPSS
Exploits: 0 | References: 13

RedhatCVE
added 2020/04/22 3:34 p.m. | 29 views

CVE-2020-11620

A flaw was found in jackson-databind 2.x. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation The following conditions are needed for an exploit, we...

8.1 CVSS | 2.2 AI score | 0.05594 EPSS
Exploits: 0 | References: 3

RedHat Linux
added 2020/04/22 9:36 a.m. | 3 views

OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

4.3 CVSS | 7.3 AI score | 0.04211 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2020/04/22 9:18 a.m. | 3 views

OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

4.3 CVSS | 7.3 AI score | 0.04211 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2020/04/22 9:16 a.m. | 4 views

OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

4.3 CVSS | 7.3 AI score | 0.04211 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2020/04/22 12:0 a.m. | 38 views

Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (20200421)

Security Fixes : - OpenJDK: Incorrect bounds checks in NIO Buffers Libraries, 8234841 CVE-2020-2803 - OpenJDK: Incorrect type checks in MethodType.readObject Libraries, 8235274 CVE-2020-2805 - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory Security, 8231415...

8.3 CVSS | 6.5 AI score | 0.0623 EPSS
Exploits: 0 | References: 9

Tenable Nessus
added 2020/04/22 12:0 a.m. | 39 views

RHEL 8 : java-1.8.0-openjdk (RHSA-2020:1516)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1516 advisory. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security...

8.3 CVSS | 6.8 AI score | 0.0623 EPSS
Exploits: 0 | References: 22

Tenable Nessus
added 2020/04/22 12:0 a.m. | 53 views

Scientific Linux Security Update : java-1.8.0-openjdk on SL7.x x86_64 (20200421)

Security Fixes : - OpenJDK: Incorrect bounds checks in NIO Buffers Libraries, 8234841 CVE-2020-2803 - OpenJDK: Incorrect type checks in MethodType.readObject Libraries, 8235274 CVE-2020-2805 - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory Security, 8231415...

8.3 CVSS | 6.5 AI score | 0.0623 EPSS
Exploits: 0 | References: 11

Tenable Nessus
added 2020/04/22 12:0 a.m. | 240 views

Scientific Linux Security Update : java-11-openjdk on SL7.x x86_64 (20200421)

Security Fixes : - OpenJDK: Incorrect bounds checks in NIO Buffers Libraries, 8234841 CVE-2020-2803 - OpenJDK: Incorrect type checks in MethodType.readObject Libraries, 8235274 CVE-2020-2805 - OpenJDK: Application data accepted before TLS handshake completion JSSE, 8235691 CVE-2020-2816 - OpenJDK...

8.3 CVSS | 6.5 AI score | 0.0623 EPSS
Exploits: 0 | References: 14

Tenable Nessus
added 2020/04/22 12:0 a.m. | 43 views

Oracle Linux 6 : java-1.8.0-openjdk (ELSA-2020-1506)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1506 advisory. 1:1.8.0.252.b09-2 - Add release notes. - Resolves: rhbz1810557 1:1.8.0.252.b09-1 - Make use of --with-extra-asflags introduced in jdk8u252-b01. -...

8.3 CVSS | 6.7 AI score | 0.0623 EPSS
Exploits: 0 | References: 11

Tenable Nessus
added 2020/04/22 12:0 a.m. | 35 views

RHEL 8 : java-11-openjdk (RHSA-2020:1517)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1517 advisory. The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixe...

8.3 CVSS | 6.8 AI score | 0.0623 EPSS
Exploits: 0 | References: 28

Tenable Nessus
added 2020/04/22 12:0 a.m. | 49 views

Scientific Linux Security Update : java-1.7.0-openjdk on SL7.x x86_64 (20200421)

Security Fixes : - OpenJDK: Incorrect bounds checks in NIO Buffers Libraries, 8234841 CVE-2020-2803 - OpenJDK: Incorrect type checks in MethodType.readObject Libraries, 8235274 CVE-2020-2805 - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory Security, 8231415...

8.3 CVSS | 6.5 AI score | 0.0623 EPSS
Exploits: 0 | References: 9

BDU FSTEC
added 2020/04/22 12:0 a.m. | 12 views

The vulnerability of the serialization mechanism in Firefox web browsers, Firefox ESR, and the Thunderbird email client arises from the lack of checks on the size of input data when using buffers. This allows attackers to gain unauthorized access to confidential data, cause service failures, and compromise data integrity.

The vulnerability of the serialization mechanism in Firefox web browsers, Firefox ESR, and the Thunderbird email client is related to the lack of checks on the size of input data when using buffers. Exploiting this vulnerability can allow an attacker to gain unauthorized access to confidential...

9.3 CVSS | 7.7 AI score | 0.01892 EPSS
Exploits: 1 | References: 13 | Affected Software: 8

Tenable Nessus
added 2020/04/22 12:0 a.m. | 247 views

Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x i386/x86_64 (20200421)

Security Fixes : - OpenJDK: Incorrect bounds checks in NIO Buffers Libraries, 8234841 CVE-2020-2803 - OpenJDK: Incorrect type checks in MethodType.readObject Libraries, 8235274 CVE-2020-2805 - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory Security, 8231415...

8.3 CVSS | 6.5 AI score | 0.0623 EPSS
Exploits: 0 | References: 11

RedHat Linux
added 2020/04/21 4:34 p.m. | 157 views

Important: Red Hat Security Advisory: java-11-openjdk security update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...

8.3 CVSS | 6.7 AI score | 0.0623 EPSS
Exploits: 0 | References: 14