Download
| Alert*
|
oval:org.secpod.oval:def:50602
jackson-databind is installed oval:org.secpod.oval:def:112961 jackson-databind is installed oval:org.secpod.oval:def:1506172 apache-commons-collections apache-commons-net [3.6-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [3.6-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [3.6-1] - Update to upstream version 3.6 jss [4.9.4-1] - Rebase to JSS 4.9.4 - Bug 2013674 - JSS canno ... oval:org.secpod.oval:def:507274 The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System. Security Fix: * pki-core: access to external entities when parsing XML can lead to XXE For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other ... oval:org.secpod.oval:def:119397 The general-purpose data-binding functionality and tree-model for Jackson Data Processor. It builds on core streaming parser/generator package, and uses Jackson Annotations for configuration. oval:org.secpod.oval:def:117190 The general-purpose data-binding functionality and tree-model for Jackson Data Processor. It builds on core streaming parser/generator package, and uses Jackson Annotations for configuration. oval:org.secpod.oval:def:117126 The general-purpose data-binding functionality and tree-model for Jackson Data Processor. It builds on core streaming parser/generator package, and uses Jackson Annotations for configuration. oval:org.secpod.oval:def:117121 The general-purpose data-binding functionality and tree-model for Jackson Data Processor. It builds on core streaming parser/generator package, and uses Jackson Annotations for configuration. oval:org.secpod.oval:def:113994 General data-binding functionality for Jackson: works on core streaming API. oval:org.secpod.oval:def:113995 General data-binding functionality for Jackson: works on core streaming API. oval:org.secpod.oval:def:73606 The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System. Security Fix: * resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class For more details about the security issue, including the impact, a CVSS score, acknowledgm ... oval:org.secpod.oval:def:2500485 The Public Key Infrastructure Core contains fundamental packages required by AlmaLinux Certificate System. oval:org.secpod.oval:def:1505209 apache-commons-collections jss [4.8.1-2] - Bug 1932803 - HSM + FIPS: CMCRequest with a shared secret resulting in error [4.8.1-1] - Rebase to upstream JSS v4.8.1 - Red Hat Bugilla #1908541 - jss broke SCEP - missing PasswordChallenge class - Red Hat Bugilla #1489256 - [RFE] jss should support RSA wi ... oval:org.secpod.oval:def:1505303 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:115963 The general-purpose data-binding functionality and tree-model for Jackson Data Processor. It builds on core streaming parser/generator package, and uses Jackson Annotations for configuration. oval:org.secpod.oval:def:50606 FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing ... oval:org.secpod.oval:def:112960 General data-binding functionality for Jackson: works on core streaming API. oval:org.secpod.oval:def:113412 General data-binding functionality for Jackson: works on core streaming API. oval:org.secpod.oval:def:113010 General data-binding functionality for Jackson: works on core streaming API. oval:org.secpod.oval:def:113002 General data-binding functionality for Jackson: works on core streaming API. oval:org.secpod.oval:def:113561 General data-binding functionality for Jackson: works on core streaming API. oval:org.secpod.oval:def:3300771 SUSE Security Update: Security update for jackson-databind, jackson-dataformats-binary, jackson-annotations, jackson-bom, jackson-core oval:org.secpod.oval:def:89047622 This update for jackson-databind, jackson-dataformats-binary, jackson-annotations, jackson-bom, jackson-core fixes the following issues: Security issues fixed: - CVE-2020-36518: Fixed a Java stack overflow exception and denial of service via a large depth of nested objects in jackson-databind. - CV ... oval:org.secpod.oval:def:3300848 SUSE Security Update: Security update for jackson-databind oval:org.secpod.oval:def:2500199 The Public Key Infrastructure Core contains fundamental packages required by AlmaLinux Certificate System. oval:org.secpod.oval:def:504689 The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System. Security Fix: * jquery: Cross-site scripting via cross-domain ajax requests * bootstrap: XSS in the data-target attribute * bootstrap: Cross-site Scripting in the collapse data-parent attribu ... oval:org.secpod.oval:def:2500205 The Public Key Infrastructure Core contains fundamental packages required by AlmaLinux Certificate System. oval:org.secpod.oval:def:68019 The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System. Security Fix: * jquery: Cross-site scripting via cross-domain ajax requests * bootstrap: XSS in the data-target attribute * bootstrap: Cross-site Scripting in the collapse data-parent attribu ... oval:org.secpod.oval:def:1505309 The advisory is missing the security advisory description. For more information please visit the reference link |
