Lucene search

4273 matches found

Prion
added 2020/03/18 10:15 p.m. | 30 views

Code injection

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef aka caucho-quercus...

CVSS 6.8 | AI score 9 | EPSS 0.07963
Exploits 0 | References 8 | Affected Software 30

Vulnrichment
added 2020/03/18 9:17 p.m. | 29 views

CVE-2020-10672

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory aka aries.transaction.jms...

AI score 6.7 | EPSS 0.02959
Exploits 0 | References 8

CVE
added 2020/03/18 9:17 p.m. | 465 views

CVE-2020-10672

CVE-2020-10672 affects FasterXML jackson-databind 2.x prior to 2.9.10.4. The issue arises from deserialization gadget/typing interaction (related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory), enabling high-severity impact on data confidentiality/integrity/availability. Connecte...

CVSS 8.8 | AI score 8.3 | EPSS 0.02959
Exploits 0 | References 8 | Affected Software 1

Cvelist
added 2020/03/18 9:17 p.m. | 34 views

CVE-2020-10672

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory aka aries.transaction.jms...

AI score 9.1 | EPSS 0.02959
Exploits 0 | References 8

Debian CVE
added 2020/03/18 9:17 p.m. | 33 views

CVE-2020-10672

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory aka aries.transaction.jms...

CVSS 8.8 | AI score 8.4 | EPSS 0.02959
Exploits 0

Vulnrichment
added 2020/03/18 9:17 p.m. | 21 views

CVE-2020-10673

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef aka caucho-quercus...

AI score 6.7 | EPSS 0.07963
Exploits 0 | References 8

Cvelist
added 2020/03/18 9:17 p.m. | 24 views

CVE-2020-10673

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef aka caucho-quercus...

AI score 9.1 | EPSS 0.07963
Exploits 0 | References 8

CVE
added 2020/03/18 9:17 p.m. | 432 views

CVE-2020-10673

CVE-2020-10673 affects FasterXML jackson-databind 2.x prior to 2.9.10.4. The IBM bulletin and the consolidated Jira/Advisory in connected docs describe a deserialization issue where interaction between serialization gadgets and typing (related to com.caucho.config.types.ResourceRef, aka caucho-qu...

CVSS 8.8 | AI score 8.3 | EPSS 0.07963
Exploits 0 | References 8 | Affected Software 1

Debian CVE
added 2020/03/18 9:17 p.m. | 31 views

CVE-2020-10673

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef aka caucho-quercus...

CVSS 8.8 | AI score 8.4 | EPSS 0.07963
Exploits 0

RedHat Linux
added 2020/03/18 5:36 p.m. | 5 views

jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariConfig gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...

CVSS 9.8 | AI score 7 | EPSS 0.10676
Exploits 1 | References 4

RedHat Linux
added 2020/03/18 5:36 p.m. | 9 views

jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the log4j-extra gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...

CVSS 9.8 | AI score 7.4 | EPSS 0.05329
Exploits 0 | References 4

Tenable Nessus
added 2020/03/18 12:0 a.m. | 40 views

RHEL 6 : java-1.8.0-ibm (RHSA-2020:0856)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0856 advisory. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE ...

CVSS 8.1 | AI score 6.9 | EPSS 0.04903
Exploits 0 | References 10

RedHat Linux
added 2020/03/17 1:11 p.m. | 2 views

OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422)

A flaw was found in the way the serialization component of OpenJDK handled the serialization filter. A process-wide filter could have been modified by setting the jdk.serialFilter system property at runtime, possibly leading to a bypass of the intended filter during deserialization...

CVSS 8.1 | AI score 7.3 | EPSS 0.04903
Exploits 0 | References 8

RedHat Linux
added 2020/03/17 1:11 p.m. | 76 views

Important: Red Hat Security Advisory: java-1.8.0-ibm security update

An update for java-1.8.0-ibm is now available for Red Hat Satellite 5.8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

CVSS 8.1 | AI score 6.7 | EPSS 0.04903
Exploits 0 | References 5

NVD
added 2020/03/16 9:15 p.m. | 27 views

CVE-2020-7248

libubox in OpenWrt before 18.06.7 and 19.x before 19.07.1 has a tagged binary data JSON serialization vulnerability that may cause a stack based buffer overflow...

CVSS 7.5 | AI score 7.6 | EPSS 0.02486
Exploits 0 | References 3

OSV
added 2020/03/16 9:15 p.m. | 6 views

CVE-2020-7248

libubox in OpenWrt before 18.06.7 and 19.x before 19.07.1 has a tagged binary data JSON serialization vulnerability that may cause a stack based buffer overflow...

CVSS 7.5 | AI score 5.9 | EPSS 0.02486
Exploits 0 | References 3

Prion
added 2020/03/16 9:15 p.m. | 21 views

Stack overflow

libubox in OpenWrt before 18.06.7 and 19.x before 19.07.1 has a tagged binary data JSON serialization vulnerability that may cause a stack based buffer overflow...

CVSS 5 | AI score 7.5 | EPSS 0.02486
Exploits 0 | References 3 | Affected Software 1

CVE
added 2020/03/16 8:49 p.m. | 90 views

CVE-2020-7248

CVE-2020-7248 affects the OpenWrt libubox library. Multiple sources describe a stack-based buffer overflow caused by a vulnerability in the tagged binary data JSON serialization, specifically in JSON conversion of binary blobs via blobmsg_format_json. The issue impacts OpenWrt before 18.06.7 and ...

CVSS 7.5 | AI score 7.7 | EPSS 0.02486
Exploits 0 | References 3 | Affected Software 1

IBM Security Bulletins
added 2020/03/16 5:52 a.m. | 34 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect the WebSphere Message Broker V8.

Summary: There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7.0.10.50 used by WebSphere Message Broker V8. These issues were disclosed as part of the IBM Java SDK updates in Oct 2019. Vulnerability Details: CVEID: CVE-2019-2989 DESCRIPTION: An unspecified vulnerabilit...

CVSS 6.8 | AI score 2.1 | EPSS 0.03749
Exploits 0 | Affected Software 1

Tenable Nessus
added 2020/03/13 12:0 a.m. | 33 views

EulerOS Virtualization for ARM 64 3.0.2.0 : libxml2 (EulerOS-SA-2020-1208)

According to the version of the libxml2 packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial ...

CVSS 7.5 | AI score 6.7 | EPSS 0.07025
Exploits 2 | References 2