4273 matches found

Tenable Nessus
added 2020/04/15 12:0 a.m. | 44 views

EulerOS 2.0 SP3 : java-1.8.0-openjdk (EulerOS-SA-2020-1395)

According to the versions of the java-1.8.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Security. Supported versions that are affected a...

CVSS 8.1 | AI score 6.3 | EPSS 0.04903
Exploits 0 | References 8

RedhatCVE
added 2020/04/14 9:33 p.m. | 34 views

CVE-2020-2756

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

CVSS 4.3 | AI score 2.7 | EPSS 0.04211
Exploits 0 | References 3

Positive Technologies
added 2020/04/14 12:0 a.m. | 5 views

PT-2020-2543

Name of the Vulnerable Software and Affected Versions Java SE versions 7u251, 8u241, 11.0.6, and 14 Java SE Embedded version 8u241 Description The issue is related to the Serialization component and is difficult to exploit, allowing an unauthenticated attacker with network access via multiple...

CVSS 4.3 | AI score 7.2 | EPSS 0.04211
Exploits 0 | References 287

Positive Technologies
added 2020/04/14 12:0 a.m. | 9 views

PT-2020-2544

Name of the Vulnerable Software and Affected Versions Java SE versions 7u251, 8u241, 11.0.6, and 14 Java SE Embedded version 8u241 Description The issue is related to the Serialization component and is difficult to exploit, allowing an unauthenticated attacker with network access via multiple...

CVSS 8.3 | AI score 7.2 | EPSS 0.0447
Exploits 0 | References 288

IBM Security Bulletins
added 2020/04/10 6:15 p.m. | 27 views

Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affect IBM LKS Administration & Reporting Tool and Agent

Summary Multiple security vulnerabilities have been found in IBM Java Runtime used by IBM LKS Administration & Reporting Tool ART and Agent. A mitigation has been included in the latest release. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...

CVSS 8.1 | AI score 1.8 | EPSS 0.04903
Exploits 0 | Affected Software 1

RedhatCVE
added 2020/04/09 7:34 a.m. | 29 views

CVE-2020-11112

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation The following conditions a...

CVSS 8.8 | AI score 3.6 | EPSS 0.03583
Exploits 0 | References 4

Veracode
added 2020/04/09 4:0 a.m. | 48 views

Deserialization Of Untrusted Object

jackson-databind is vulnerable to deserialization of untrusted data. It was possible for an untrusted class, org.springframework.aop.config.MethodLocatingFactoryBean, and org.springframework.beans.factory.config.BeanReferenceFactoryBean, to be used as a serialization gadget through polymorphic...

CVSS 8.1 | AI score 5.5 | EPSS 0.03607
Exploits 0 | References 11 | Affected Software 246

Cvelist
added 2020/04/07 11:34 p.m. | 18 views

CVE-2020-11630

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. In several sections of code, the verification of serialized objects sent between nodes connected via the Peers protocol allows insecure objects to be deserialized...

AI score 9.4 | EPSS 0.01268
Exploits 0 | References 1

OSV
added 2020/04/07 11:15 p.m. | 2 views

DEBIAN-CVE-2020-11619

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean aka spring-aop...

CVSS 8.1 | AI score 8.1 | EPSS 0.03607
Exploits 0 | References 1

NVD
added 2020/04/07 11:15 p.m. | 26 views

CVE-2020-11619

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean aka spring-aop...

CVSS 8.1 | AI score 8.7 | EPSS 0.03607
Exploits 0 | References 8

NVD
added 2020/04/07 11:15 p.m. | 19 views

CVE-2020-11620

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded aka commons-jelly...

CVSS 8.1 | AI score 8.7 | EPSS 0.05594
Exploits 0 | References 8

OSV
added 2020/04/07 11:15 p.m. | 29 views

CVE-2020-11620

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded aka commons-jelly...

CVSS 8.1 | AI score 6.5
Exploits 0 | References 8

UbuntuCve
added 2020/04/07 11:15 p.m. | 39 views

CVE-2020-11619

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean aka spring-aop...

CVSS 8.1 | AI score 7.1 | EPSS 0.03607
Exploits 0 | References 4

UbuntuCve
added 2020/04/07 11:15 p.m. | 34 views

CVE-2020-11620

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded aka commons-jelly...

CVSS 8.1 | AI score 7.1 | EPSS 0.05594
Exploits 0 | References 4

OSV
added 2020/04/07 11:15 p.m. | 1 views

UBUNTU-CVE-2020-11620

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded aka commons-jelly...

CVSS 8.1 | AI score 7.2 | EPSS 0.05594
Exploits 0 | References 5

Prion
added 2020/04/07 11:15 p.m. | 29 views

Design/Logic Flaw

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded aka commons-jelly...

CVSS 6.8 | AI score 8.6 | EPSS 0.05594
Exploits 0 | References 8 | Affected Software 17

OSV
added 2020/04/07 11:15 p.m. | 3 views

UBUNTU-CVE-2020-11619

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean aka spring-aop...

CVSS 8.1 | AI score 7.2 | EPSS 0.03607
Exploits 0 | References 5

CVE
added 2020/04/07 10:14 p.m. | 391 views

CVE-2020-11620

CVE-2020-11620 : Jackson Databind 2.x before 2.9.10.4 has a deserialization issue arising from how serialization gadgets interact with typing, specifically related to org.apache.commons.jelly.impl.Embedded. This allows potential compromise of confidentiality, integrity, and availability (IBM X-Fo...

CVSS 8.1 | AI score 8 | EPSS 0.05594
Exploits 0 | References 8 | Affected Software 1

Cvelist
added 2020/04/07 10:14 p.m. | 29 views

CVE-2020-11620

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded aka commons-jelly...

AI score 8.7 | EPSS 0.05594
Exploits 0 | References 8

Debian CVE
added 2020/04/07 10:14 p.m. | 30 views

CVE-2020-11620

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded aka commons-jelly...

CVSS 8.1 | AI score 8.7 | EPSS 0.05594
Exploits 0