Download
| Alert*
oval:org.secpod.oval:def:505110
The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Security Fix: * A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the mal ... oval:org.secpod.oval:def:505037 The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Security Fix: * A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the mal ... oval:org.secpod.oval:def:504924 The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Security Fix: * A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the mal ... oval:org.secpod.oval:def:70388 libjackson-json-java: Suite of data-processing tools for Java Jackson could be made to crash if it opened a specially crafted file. oval:org.secpod.oval:def:113994 General data-binding functionality for Jackson: works on core streaming API. oval:org.secpod.oval:def:113995 General data-binding functionality for Jackson: works on core streaming API. oval:org.secpod.oval:def:53160 Liao Xinxi discovered that jackson-databind, a Java library used to parse JSON and other data formats, did not properly validate user input before attemtping deserialization. This allowed an attacker to perform code execution by providing maliciously crafted input. oval:org.secpod.oval:def:53319 It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, improperly validated user input prior to deserializing because of an incomplete fix for CVE-2017-7525. oval:org.secpod.oval:def:603137 Liao Xinxi discovered that jackson-databind, a Java library used to parse JSON and other data formats, did not properly validate user input before attemtping deserialization. This allowed an attacker to perform code execution by providing maliciously crafted input. oval:org.secpod.oval:def:1900436 A deserialization flaw was discovered in the libjackson2-databind-java, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. oval:org.secpod.oval:def:45316 The host is installed with Oracle Weblogic Server 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle unauthenticated network access via HTTP. Successful exploitation allows an attacker to take ov ... oval:org.secpod.oval:def:112960 General data-binding functionality for Jackson: works on core streaming API. oval:org.secpod.oval:def:113412 General data-binding functionality for Jackson: works on core streaming API. oval:org.secpod.oval:def:113010 General data-binding functionality for Jackson: works on core streaming API. oval:org.secpod.oval:def:53189 It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, improperly validated user input prior to deserializing: following DSA-4004-1 for CVE-2017-7525, an additional set of classes was identified as unsafe for deserialization. oval:org.secpod.oval:def:113002 General data-binding functionality for Jackson: works on core streaming API. oval:org.secpod.oval:def:113561 General data-binding functionality for Jackson: works on core streaming API. oval:org.secpod.oval:def:705903 libjackson-json-java: Suite of data-processing tools for Java Jackson could be made to crash if it opened a specially crafted file. |