4289 matches found
Security Bulletin: Multiple security vulnerabilities in IBM Java SDK affects IBM Voice Gateway
Summary Multiple security vulnerabilities in IBM Java SDK affects IBM Voice Gateway Vulnerability Details CVEID: CVE-2020-2604 DESCRIPTION: An unspecified vulnerability in Java SE could allow an unauthenticated attacker to take control of the system. CVSS Base score: 8.1 CVSS Temporal Score: See:...
Groovy: Arbitrary code execution
Background A multi-faceted language for the Java platform Description It was discovered that there was a vulnerability within the Java serialization/deserialization process. Impact An attacker, by crafting a special serialized object, could execute arbitrary code. Workaround There is no known...
Debian DLA-2135-1 : jackson-databind security update
The following CVEs were reported for jackson-databind source package. CVE-2020-9546 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig aka shaded hikari-config...
Debian: Security Advisory (DLA-2135-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2135-1] jackson-databind security update
Package : jackson-databind Version : 2.4.2-2+deb8u12 CVE ID : CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 The following CVEs were reported for jackson-databind source package. CVE-2020-9546 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and...
jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariDataSource gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...
Exchange Control Panel Viewstate Deserialization
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'bindata' class MetasploitModule 'Exchange Control Panel Viewstate Deserialization', 'Description' = %q This module exploits a .NET serialization vulnerability i...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager Oct 2019 CPU ( CVE-2019-2978, CVE-2019-2983)
Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 7 used by IBM Tivoli System Automation Application Manager 4.1.0.0, 4.1.0.1 . These issues were disclosed as part of the IBM Java SDK updates in Oct 2019. There are multiple vulnerabilities in IBM SDK Java...
Deserialization Of Untrusted Object
jackson-databind is vulnerable to deserialization of untrusted data. It is possible because untrusted class org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig aka shaded hikari-config was not filtered by default from the interaction between serialization gadgets and polymorphic typing...
CVE-2020-9547
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig aka ibatis-sqlmap...
CVE-2020-9547
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig aka ibatis-sqlmap...
CVE-2020-9548
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig aka anteros-core...
CVE-2020-9548
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig aka anteros-core...
DEBIAN-CVE-2020-9547
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig aka ibatis-sqlmap...
DEBIAN-CVE-2020-9548
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig aka anteros-core...
CVE-2020-9546
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig aka shaded hikari-config...
DEBIAN-CVE-2020-9546
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig aka shaded hikari-config...
CVE-2020-9546
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig aka shaded hikari-config...
Design/Logic Flaw
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig aka shaded hikari-config...
CVE-2020-9547
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig aka ibatis-sqlmap...