4273 matches found

Tenable Nessus
added 2020/03/13 12:0 a.m. | 33 views

EulerOS Virtualization for ARM 64 3.0.2.0 : libxml2 (EulerOS-SA-2020-1208)

According to the version of the libxml2 packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial ...

CVSS 7.5 | AI score 6.7 | EPSS 0.07025
Exploits: 2 | References: 2

OpenVAS
added 2020/03/13 12:0 a.m. | 53 views

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2020-1208)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 8.1 | EPSS 0.06165
Exploits: 1 | References: 2

Veracode
added 2020/03/12 4:27 a.m. | 14 views

Remote Code Execution (RCE)

jackson-databind is vulnerable to deserialization of untrusted data that can lead to remote code execution. It is possible because untrusted classes org.apache.shiro.realm.jndi.JndiRealmFactory and org.apache.shiro.jndi.JndiObjectFactory were not filtered by default from the interaction between...

AI score 4.3
Exploits: 0

OSV
added 2020/03/11 11:30 a.m. | 2 views

SUSE-SU-2020:0640-1 Security update for ardana-cinder, ardana-cobbler, ardana-designate, ardana-extensions-example, ardana-extensions-nsx, ardana-glance, ardana-heat, ardana-input-model, ardana-ironic, ardana-keystone, ardana-logging, ardana-monasca, ardana-monasca-transform, ardana-mq, ardana-neutron, ardana-nova, ardana-octavia, ardana-osconfig, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, keepalived, mariadb, openstack-cinder, openstack-dashboard, openstack-dashboard-theme-SUSE, openstack-heat, openstack-heat-templates, openstack-horizon-plugin-designate-ui, openstack-horizon-plugin-neutron-lbaas-ui, openstack-ironic, openstack-keystone, openstack-monasca-agent, openstack-neutron, openstack-neutron-gbp, openstack-neutron-vsphere, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, openstack-resource-agents, openstack-sahara, openstack-trove, python-cinderlm, python-congressclient, python-designateclient, python-ironic-lib, python-networking-cisco, python-osc-lib, python-oslo.context, python-oslo.rootwrap, python-oslo.serialization, python-oslo.service, python-stevedore, python-taskflow, rubygem-crowbar-client, rubygem-pumavenv-openstack-swift

This update for ardana-cinder, ardana-cobbler, ardana-designate, ardana-extensions-example, ardana-extensions-nsx, ardana-glance, ardana-heat, ardana-input-model, ardana-ironic, ardana-keystone, ardana-logging, ardana-monasca, ardana-monasca-transform, ardana-mq, ardana-neutron, ardana-nova,...

CVSS 9.3 | AI score 7.5 | EPSS 0.07836
Exploits: 1 | References: 39

IBM Security Bulletins
added 2020/03/10 9:40 p.m. | 48 views

Security Bulletin: Multiple security vulnerabilities in IBM Java SDK affects IBM Voice Gateway

Summary Multiple security vulnerabilities in IBM Java SDK affects IBM Voice Gateway Vulnerability Details CVEID: CVE-2020-2604 DESCRIPTION: An unspecified vulnerability in Java SE could allow an unauthenticated attacker to take control of the system. CVSS Base score: 8.1 CVSS Temporal Score: See:...

CVSS 8.1 | AI score 1.2 | EPSS 0.04903
Exploits: 0 | Affected Software: 1

Gentoo Linux
added 2020/03/07 12:0 a.m. | 43 views

Groovy: Arbitrary code execution

Background A multi-faceted language for the Java platform Description It was discovered that there was a vulnerability within the Java serialization/deserialization process. Impact An attacker, by crafting a special serialized object, could execute arbitrary code. Workaround There is no known...

CVSS 9.8 | AI score 4.1 | EPSS 0.17239
Exploits: 1

Tenable Nessus
added 2020/03/06 12:0 a.m. | 76 views

Debian DLA-2135-1 : jackson-databind security update

The following CVEs were reported for jackson-databind source package. CVE-2020-9546 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig aka shaded hikari-config...

CVSS 9.8 | AI score 8 | EPSS 0.18671
Exploits: 0 | References: 5

OpenVAS
added 2020/03/06 12:0 a.m. | 69 views

Debian: Security Advisory (DLA-2135-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 9.8 | EPSS 0.18671
Exploits: 0 | References: 3

Debian
added 2020/03/05 10:55 p.m. | 102 views

[SECURITY] [DLA 2135-1] jackson-databind security update

Package : jackson-databind Version : 2.4.2-2+deb8u12 CVE ID : CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 The following CVEs were reported for jackson-databind source package. CVE-2020-9546 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and...

CVSS 9.8 | AI score 10 | EPSS 0.18671
Exploits: 0

RedHat Linux
added 2020/03/05 1:12 p.m. | 5 views

jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariDataSource gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...

CVSS 9.8 | AI score 7 | EPSS 0.04918
Exploits: 0 | References: 4

Packet Storm
added 2020/03/04 12:0 a.m. | 610 views

Exchange Control Panel Viewstate Deserialization

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'bindata' class MetasploitModule 'Exchange Control Panel Viewstate Deserialization', 'Description' = %q This module exploits a .NET serialization vulnerability i...

CVSS 9 | AI score 0.9 | EPSS 0.99965
Exploits: 30

IBM Security Bulletins
added 2020/03/03 3:26 p.m. | 24 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager Oct 2019 CPU ( CVE-2019-2978, CVE-2019-2983)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 7 used by IBM Tivoli System Automation Application Manager 4.1.0.0, 4.1.0.1 . These issues were disclosed as part of the IBM Java SDK updates in Oct 2019. There are multiple vulnerabilities in IBM SDK Java...

CVSS 4.3 | AI score 1.1 | EPSS 0.03749
Exploits: 0 | Affected Software: 1

Veracode
added 2020/03/03 3:42 a.m. | 36 views

Deserialization Of Untrusted Object

jackson-databind is vulnerable to deserialization of untrusted data. It is possible because untrusted class org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig aka shaded hikari-config was not filtered by default from the interaction between serialization gadgets and polymorphic typing...

CVSS 9.8 | AI score 3.5 | EPSS 0.04613
Exploits: 0 | References: 28 | Affected Software: 305

NVD
added 2020/03/02 4:15 a.m. | 31 views

CVE-2020-9547

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig aka ibatis-sqlmap...

CVSS 9.8 | AI score 9.3 | EPSS 0.18671
Exploits: 0 | References: 23

NVD
added 2020/03/02 4:15 a.m. | 36 views

CVE-2020-9548

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig aka anteros-core...

CVSS 9.8 | AI score 9.3 | EPSS 0.18345
Exploits: 0 | References: 16

OSV
added 2020/03/02 4:15 a.m. | 39 views

CVE-2020-9548

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig aka anteros-core...

CVSS 9.8 | AI score 9.3
Exploits: 0 | References: 16

OSV
added 2020/03/02 4:15 a.m. | 39 views

CVE-2020-9547

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig aka ibatis-sqlmap...

CVSS 9.8 | AI score 9.3
Exploits: 0 | References: 23

OSV
added 2020/03/02 4:15 a.m. | 2 views

DEBIAN-CVE-2020-9547

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig aka ibatis-sqlmap...

CVSS 9.8 | AI score 8.1 | EPSS 0.18671
Exploits: 0 | References: 1

OSV
added 2020/03/02 4:15 a.m. | 4 views

DEBIAN-CVE-2020-9548

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig aka anteros-core...

CVSS 9.8 | AI score 8.1 | EPSS 0.18345
Exploits: 0 | References: 1

NVD
added 2020/03/02 4:15 a.m. | 23 views

CVE-2020-9546

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig aka shaded hikari-config...

CVSS 9.8 | AI score 9.3 | EPSS 0.04613
Exploits: 0 | References: 17