Lucene search
K

4289 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2020/03/10 9:40 p.m.49 views

Security Bulletin: Multiple security vulnerabilities in IBM Java SDK affects IBM Voice Gateway

Summary Multiple security vulnerabilities in IBM Java SDK affects IBM Voice Gateway Vulnerability Details CVEID: CVE-2020-2604 DESCRIPTION: An unspecified vulnerability in Java SE could allow an unauthenticated attacker to take control of the system. CVSS Base score: 8.1 CVSS Temporal Score: See:...

8.1CVSS1.2AI score0.04903EPSS
Exploits0Affected Software1
Gentoo Linux
Gentoo Linux
added 2020/03/07 12:0 a.m.46 views

Groovy: Arbitrary code execution

Background A multi-faceted language for the Java platform Description It was discovered that there was a vulnerability within the Java serialization/deserialization process. Impact An attacker, by crafting a special serialized object, could execute arbitrary code. Workaround There is no known...

9.8CVSS4.1AI score0.17239EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2020/03/06 12:0 a.m.77 views

Debian DLA-2135-1 : jackson-databind security update

The following CVEs were reported for jackson-databind source package. CVE-2020-9546 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig aka shaded hikari-config...

9.8CVSS8AI score0.18671EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2020/03/06 12:0 a.m.71 views

Debian: Security Advisory (DLA-2135-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.8AI score0.18671EPSS
Exploits0References3
Debian
Debian
added 2020/03/05 10:55 p.m.103 views

[SECURITY] [DLA 2135-1] jackson-databind security update

Package : jackson-databind Version : 2.4.2-2+deb8u12 CVE ID : CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 The following CVEs were reported for jackson-databind source package. CVE-2020-9546 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and...

9.8CVSS10AI score0.18671EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2020/03/05 1:12 p.m.5 views

jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariDataSource gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...

9.8CVSS7AI score0.04918EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2020/03/04 12:0 a.m.610 views

Exchange Control Panel Viewstate Deserialization

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'bindata' class MetasploitModule 'Exchange Control Panel Viewstate Deserialization', 'Description' = %q This module exploits a .NET serialization vulnerability i...

9CVSS0.9AI score0.99965EPSS
Exploits30
IBM Security Bulletins
IBM Security Bulletins
added 2020/03/03 3:26 p.m.24 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager Oct 2019 CPU ( CVE-2019-2978, CVE-2019-2983)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 7 used by IBM Tivoli System Automation Application Manager 4.1.0.0, 4.1.0.1 . These issues were disclosed as part of the IBM Java SDK updates in Oct 2019. There are multiple vulnerabilities in IBM SDK Java...

4.3CVSS1.1AI score0.03749EPSS
Exploits0Affected Software1
Veracode
Veracode
added 2020/03/03 3:42 a.m.37 views

Deserialization Of Untrusted Object

jackson-databind is vulnerable to deserialization of untrusted data. It is possible because untrusted class org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig aka shaded hikari-config was not filtered by default from the interaction between serialization gadgets and polymorphic typing...

9.8CVSS3.5AI score0.04613EPSS
Exploits0References28Affected Software305
NVD
NVD
added 2020/03/02 4:15 a.m.31 views

CVE-2020-9547

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig aka ibatis-sqlmap...

9.8CVSS9.3AI score0.18671EPSS
Exploits0References23
OSV
OSV
added 2020/03/02 4:15 a.m.40 views

CVE-2020-9547

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig aka ibatis-sqlmap...

9.8CVSS9.3AI score
Exploits0References23
NVD
NVD
added 2020/03/02 4:15 a.m.39 views

CVE-2020-9548

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig aka anteros-core...

9.8CVSS9.3AI score0.18345EPSS
Exploits0References16
OSV
OSV
added 2020/03/02 4:15 a.m.40 views

CVE-2020-9548

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig aka anteros-core...

9.8CVSS9.3AI score
Exploits0References16
OSV
OSV
added 2020/03/02 4:15 a.m.2 views

DEBIAN-CVE-2020-9547

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig aka ibatis-sqlmap...

9.8CVSS8.1AI score0.18671EPSS
Exploits0References1
OSV
OSV
added 2020/03/02 4:15 a.m.4 views

DEBIAN-CVE-2020-9548

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig aka anteros-core...

9.8CVSS8.1AI score0.18345EPSS
Exploits0References1
NVD
NVD
added 2020/03/02 4:15 a.m.23 views

CVE-2020-9546

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig aka shaded hikari-config...

9.8CVSS9.3AI score0.04613EPSS
Exploits0References17
OSV
OSV
added 2020/03/02 4:15 a.m.4 views

DEBIAN-CVE-2020-9546

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig aka shaded hikari-config...

9.8CVSS8.1AI score0.04613EPSS
Exploits0References1
OSV
OSV
added 2020/03/02 4:15 a.m.31 views

CVE-2020-9546

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig aka shaded hikari-config...

9.8CVSS9.3AI score
Exploits0References17
Prion
Prion
added 2020/03/02 4:15 a.m.29 views

Design/Logic Flaw

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig aka shaded hikari-config...

6.8CVSS9.2AI score0.04613EPSS
Exploits0References17Affected Software31
UbuntuCve
UbuntuCve
added 2020/03/02 4:15 a.m.51 views

CVE-2020-9547

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig aka ibatis-sqlmap...

9.8CVSS7.1AI score0.18671EPSS
Exploits0References4
Rows per page
Query Builder