CVSS: 8.8EPSS: 1%CPEs: 56EXPL: 0CVE-2020-10969 – jackson-databind: Serialization gadgets in javax.swing.JEditorPane
https://notcve.org/view.php?id=CVE-2020-10969
26 Mar 2020 — FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane. FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacción entre los gadgets de serialización y la escritura, relacionado con javax.swing.JEditorPane. A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat fr... • https://github.com/FasterXML/jackson-databind/issues/2642 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 40%CPEs: 54EXPL: 0CVE-2020-10672 – jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution
https://notcve.org/view.php?id=CVE-2020-10672
18 Mar 2020 — FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms). FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacción entre los gadgets de serialización y escritura, relacionados con org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (también se conoce como aries.transaction.jms). A fl... • https://github.com/FasterXML/jackson-databind/issues/2659 • CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 20%CPEs: 55EXPL: 2CVE-2020-10673 – jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution
https://notcve.org/view.php?id=CVE-2020-10673
18 Mar 2020 — FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus). FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacción entre los gadgets de serialización y escritura, relacionada con com.caucho.config.types.ResourceRef (también se conoce como caucho-quercus). A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML j... • https://github.com/Al1ex/CVE-2020-10673 • CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 2%CPEs: 59EXPL: 0CVE-2020-9546 – jackson-databind: Serialization gadgets in shaded-hikari-config
https://notcve.org/view.php?id=CVE-2020-9546
02 Mar 2020 — FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config). FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4 maneja inapropiadamente la interacción entre la serialización de gadgets y el tipeo, relacionada a org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (también se conoce como shaded hikari-config). A flaw was found in jackson-databind... • https://github.com/FasterXML/jackson-databind/issues/2631 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 6%CPEs: 31EXPL: 1CVE-2020-9547 – jackson-databind: Serialization gadgets in ibatis-sqlmap
https://notcve.org/view.php?id=CVE-2020-9547
02 Mar 2020 — FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap). FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacción entre la serialización de gadgets y el tipeo, relacionada a com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (también se conoce como ibatis-sqlmap). A flaw was found in jackson-databind ... • https://github.com/fairyming/CVE-2020-9547 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 13%CPEs: 46EXPL: 1CVE-2020-9548 – jackson-databind: Serialization gadgets in anteros-core
https://notcve.org/view.php?id=CVE-2020-9548
02 Mar 2020 — FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core). FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacción entre la serialización de gadgets y el tipeo, relacionada a br.com.anteros.dbcp.AnterosDBCPConfig (también se conoce como anteros-core). A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the... • https://github.com/fairyming/CVE-2020-9548 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 6%CPEs: 8EXPL: 0CVE-2019-0219
https://notcve.org/view.php?id=CVE-2019-0219
14 Jan 2020 — A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI. Un sitio web ejecutado en la vista web de InAppBrowser en Android podría ejecutar JavaScript arbitrario en la vista web de la aplicación principal usando un URI gap-iab: especialmente diseñado. • http://www.openwall.com/lists/oss-security/2019/11/28/1 •
CVSS: 9.8EPSS: 2%CPEs: 53EXPL: 0CVE-2019-20330 – jackson-databind: lacks certain net.sf.ehcache blocking
https://notcve.org/view.php?id=CVE-2019-20330
03 Jan 2020 — FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking. FasterXML jackson-databind versiones 2.x anteriores a la versión 2.9.10.2, carece de cierto bloqueo de net.sf.ehcache. Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire ... • https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.10.1...jackson-databind-2.9.10.2 • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.5EPSS: 0%CPEs: 47EXPL: 0CVE-2019-3740
https://notcve.org/view.php?id=CVE-2019-3740
18 Sep 2019 — RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys. RSA BSAFE Crypto-J versiones anteriores a 6.2.5, son susceptibles a una vulnerabilidad de Exposición de Información por medio de vulnerabilidades de Discrepancia de Sincronización durante la generación de claves DSA. Un atacante remoto malicioso podría explota... • https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE®%3B-Crypto-J-Multiple-Security-Vulnerabilities • CWE-203: Observable Discrepancy CWE-310: Cryptographic Issues •
CVSS: 6.5EPSS: 0%CPEs: 39EXPL: 0CVE-2019-3739
https://notcve.org/view.php?id=CVE-2019-3739
18 Sep 2019 — RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys. RSA BSAFE Crypto-J versiones anteriores a 6.2.5, son vulnerables a la Exposición de Información por medio de vulnerabilidades de Discrepancia de Sincronización durante la generación de claves ECDSA. Un atacante remoto malicioso podría explotar potencialmente ... • https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE®%3B-Crypto-J-Multiple-Security-Vulnerabilities • CWE-203: Observable Discrepancy CWE-310: Cryptographic Issues •