[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*


oval:org.secpod.oval:def:505110
The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Security Fix: * A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the mal ...

oval:org.secpod.oval:def:505037
The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Security Fix: * A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the mal ...

oval:org.secpod.oval:def:504924
The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Security Fix: * A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the mal ...

oval:org.secpod.oval:def:70388
libjackson-json-java: Suite of data-processing tools for Java Jackson could be made to crash if it opened a specially crafted file.

oval:org.secpod.oval:def:113994
General data-binding functionality for Jackson: works on core streaming API.

oval:org.secpod.oval:def:113995
General data-binding functionality for Jackson: works on core streaming API.

oval:org.secpod.oval:def:53160
Liao Xinxi discovered that jackson-databind, a Java library used to parse JSON and other data formats, did not properly validate user input before attemtping deserialization. This allowed an attacker to perform code execution by providing maliciously crafted input.

oval:org.secpod.oval:def:53319
It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, improperly validated user input prior to deserializing because of an incomplete fix for CVE-2017-7525.

oval:org.secpod.oval:def:603137
Liao Xinxi discovered that jackson-databind, a Java library used to parse JSON and other data formats, did not properly validate user input before attemtping deserialization. This allowed an attacker to perform code execution by providing maliciously crafted input.

oval:org.secpod.oval:def:1900436
A deserialization flaw was discovered in the libjackson2-databind-java, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

oval:org.secpod.oval:def:45316
The host is installed with Oracle Weblogic Server 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle unauthenticated network access via HTTP. Successful exploitation allows an attacker to take ov ...

oval:org.secpod.oval:def:112960
General data-binding functionality for Jackson: works on core streaming API.

oval:org.secpod.oval:def:113412
General data-binding functionality for Jackson: works on core streaming API.

oval:org.secpod.oval:def:113010
General data-binding functionality for Jackson: works on core streaming API.

oval:org.secpod.oval:def:53189
It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, improperly validated user input prior to deserializing: following DSA-4004-1 for CVE-2017-7525, an additional set of classes was identified as unsafe for deserialization.

oval:org.secpod.oval:def:113002
General data-binding functionality for Jackson: works on core streaming API.

oval:org.secpod.oval:def:113561
General data-binding functionality for Jackson: works on core streaming API.

oval:org.secpod.oval:def:705903
libjackson-json-java: Suite of data-processing tools for Java Jackson could be made to crash if it opened a specially crafted file.

CPE    6
cpe:/o:debian:debian_linux:9.0
cpe:/a:redhat:jboss_enterprise_application_platform:6.0.0
cpe:/o:redhat:enterprise_linux_server:6.0
cpe:/o:debian:debian_linux:8.0
...
CWE    1
CWE-184
*CVE
CVE-2017-7525

© SecPod Technologies