Ubuntu Security Notice 4741-1 - It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code.
3f87f3755ce52d2f838568100aa5bcddd41562af238a4049341de0c8ae70d50cRed Hat Security Advisory 2019-3892-01 - This release of Red Hat Fuse 7.5.0 serves as a replacement for Red Hat Fuse 7.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, denial of service, deserialization, information leakage, and traversal vulnerabilities.
d033b077fbe5857e973c9773a4c3ebbcdddde8391b77c6d861aa36baf37bde9fRed Hat Security Advisory 2019-3149-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains an update for jackson-databind in the logging-elasticsearch5 container image for Red Hat OpenShift Container Platform 3.11.153. Issues addressed include code execution, denial of service, and deserialization vulnerabilities.
5b5749c71d52c3690eb137ec23b207f4283a94baacb4c994ead4402f6eddba76Red Hat Security Advisory 2019-2858-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains an update for both jackson-databind and guava in the logging-elasticsearch5 container image for Red Hat OpenShift Container Platform 4.1.18. Issues addressed include code execution, denial of service, and deserialization vulnerabilities.
a85ed2e06864386321cea11d7342ff644000cb72324d0fc21bf798a437bb758eRed Hat Security Advisory 2018-2927-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include cross site scripting, denial of service, deserialization, information leakage, and remote SQL injection vulnerabilities.
28fc612d55914841a03c100791e1a5e510f200a646c0e0c2cab3742c7ef9004fRed Hat Security Advisory 2018-1448-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.20 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.19, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and traversal vulnerabilities.
3c0c1ca65d59c2c4e54c42628e2675bc4b0c3a29236da3e884ab31d478a28679Red Hat Security Advisory 2018-1449-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.20 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.19, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and traversal vulnerabilities.
f070e28e8e82699624cb25ee0c2660f74d5f3385a6584e52ebfcc2f6d8983c73Red Hat Security Advisory 2018-1447-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.20 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.19, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and traversal vulnerabilities.
bafa2c4701c1956e519818e15b5819d0d12df2733c02541185a265d7a4fd8c69Red Hat Security Advisory 2018-1451-01 - The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 6.4.19. Issues addressed include code execution and traversal vulnerabilities.
071f79f013467ccb6e777f227def5d0666e250099e79aecdeacde603e7f87b14Red Hat Security Advisory 2018-1450-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.20 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.19, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and traversal vulnerabilities.
df4e2952c8fb6dd18bda14d8ee9ce25b96718185533685523d56a0e9fd70c167Red Hat Security Advisory 2018-0577-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.4.9 serves as a replacement for Red Hat JBoss BPM Suite 6.4.8, and includes bug fixes and enhancements. Issues addressed include an unsafe deserialization.
3cb20342e0b9efd7127480a6a4332fc2b3ca035d5ff90a465ff02df3041ccdcfRed Hat Security Advisory 2018-0576-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.4.9 serves as a replacement for Red Hat JBoss BRMS 6.4.8, and includes bug fixes and enhancements. Issues addressed include unsafe deserialization.
d0ae946550440d0cb883f3cc2701bc608727fa2cdff7235ecc2c15e1174c6c33Red Hat Security Advisory 2018-0481-01 - The eap7-jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the eap7-jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 7.1.1.
6fc0fc323c900c11d8670ee97688642cc6279ebe168f23f08f82281062e30e30Red Hat Security Advisory 2018-0479-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: artemis/hornetq: memory exhaustion via UDP and JGroups discovery.
f00218c15f5f0bedbbf7e7de0a4bc8451983f2d29d9f7f83dc0bc523929708deRed Hat Security Advisory 2018-0480-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: artemis/hornetq: memory exhaustion via UDP and JGroups discovery.
6ab28d8e1ef2c4ab22539cf7421f524c63213caa39e76c2f6d8ef379a1620448Red Hat Security Advisory 2018-0478-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.0, and includes bug fixes and enhancements. Security Fix: artemis/hornetq: memory exhaustion via UDP and JGroups discovery.
2a3d0ec0724016ad7429c5155f0bd90dba630372559e660625b6f31a48c6b7eeRed Hat Security Advisory 2018-0342-01 - The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Security Fix: A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. Further classes that an attacker could use to achieve code execution through deserialisation were discovered, and added to the blacklist introduced by CVE-2017-7525.
6c43e18a6120401c278a1c45ec616eece4dffcb52a0c05c541f3dcf91ad4be85Debian Linux Security Advisory 4037-1 - It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, improperly validated user input prior to set of classes was identified as unsafe for deserialization.
7a455ad321d90ebf5a8b6b75cdee7ba7bb19d9827d306543a7dfceb8fee01eacRed Hat Security Advisory 2017-3190-01 - The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Security Fix: A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.
0f66526d3adb74611a2e167794e574844c5c9f442aa93edb3aac396a40765ffeRed Hat Security Advisory 2017-3189-01 - The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Security Fix: A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.
d827bd4f9f80195a614a921ac149b33e2a8efccbd3a08e8611dd7843b70ce7a3
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed