Vulnerabilities (CVE)

Vendor filter: Redhat

2840 total CVE
CVE | Vendors | Products | Updated | CVSS
CVE-2019-12384 | 3 Fasterxml, Debian, Redhat | 3 Jackson-databind, Debian Linux, Enterprise Linux | 2019-08-22 | 4.3
FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may...
CVE-2018-12023 | 5 Fasterxml, Oracle, Fedoraproject and 2 more | 26 Jackson-databind, Banking Platform, Communications Billing And Revenue Management and 23 more | 2019-08-22 | 5.1
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can...
CVE-2018-12022 | 5 Fasterxml, Fedoraproject, Oracle and 2 more | 11 Jackson-databind, Fedora, Jd Edwards Enterpriseone Tools and 8 more | 2019-08-22 | 5.1
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework)...
CVE-2018-19362 | 4 Fasterxml, Debian, Oracle and 1 more | 12 Jackson-databind, Debian Linux, Business Process Management Suite and 9 more | 2019-08-22 | 7.5
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.
CVE-2018-7489 | 4 Fasterxml, Debian, Oracle and 1 more | 5 Jackson-databind, Debian Linux, Communications Billing And Revenue Management and 2 more | 2019-08-22 | 7.5
FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending...
CVE-2018-19361 | 4 Fasterxml, Debian, Oracle and 1 more | 12 Jackson-databind, Debian Linux, Business Process Management Suite and 9 more | 2019-08-22 | 7.5
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.
CVE-2018-19360 | 4 Fasterxml, Debian, Oracle and 1 more | 12 Jackson-databind, Debian Linux, Business Process Management Suite and 9 more | 2019-08-22 | 7.5
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.
CVE-2017-17485 | 3 Fasterxml, Debian, Redhat | 7 Jackson-databind, Jackson, Debian Linux and 4 more | 2019-08-22 | 7.5
FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input...
CVE-2015-5183 | 2 Apache, Redhat | 3 Activemq, Jboss A-mq, Jboss Fuse | 2019-08-21 | 7.5
The Hawtio console in A-MQ does not set HTTPOnly or Secure attributes on cookies.
CVE-2017-15095 | 3 Fasterxml, Debian, Redhat | 4 Jackson-databind, Debian Linux, Jackson and 1 more | 2019-08-21 | 7.5
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the...
CVE-2017-7525 | 3 Fasterxml, Debian, Redhat | 6 Jackson-databind, Debian Linux, Jackson and 3 more | 2019-08-21 | 7.5
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the...
CVE-2018-14720 | 4 Fasterxml, Debian, Oracle and 1 more | 13 Jackson-databind, Debian Linux, Banking Platform and 10 more | 2019-08-21 | 7.5
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.
CVE-2018-14721 | 4 Fasterxml, Debian, Oracle and 1 more | 14 Jackson-databind, Debian Linux, Banking Platform and 11 more | 2019-08-21 | 7.5
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.
CVE-2018-14719 | 4 Fasterxml, Debian, Oracle and 1 more | 11 Jackson-databind, Debian Linux, Banking Platform and 8 more | 2019-08-21 | 7.5
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.
CVE-2019-10199 | 1 Redhat | 1 Keycloak | 2019-08-19 | 6.8
It was found that Keycloak's account console, up to 6.0.1, did not perform adequate header checks in some requests. An attacker could use this flaw to trick an authenticated user into performing operations via request from an untrusted domain.
CVE-2015-5123 | 4 Adobe, Opensuse, Redhat and 1 more | 8 Flash Player, Evergreen, Enterprise Linux Desktop and 5 more | 2019-08-19 | 10.0
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux,...
CVE-2016-4273 | 2 Adobe, Redhat | 4 Flash Player, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2019-08-19 | 10.0
Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors,...
CVE-2015-5122 | 4 Adobe, Opensuse, Redhat and 1 more | 8 Flash Player, Evergreen, Enterprise Linux Desktop and 5 more | 2019-08-19 | 10.0
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux,...
CVE-2018-18359 | 3 Google, Debian, Redhat | 5 Chrome, Debian Linux, Linux Desktop and 2 more | 2019-08-17 | 6.8
Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
CVE-2018-18358 | 3 Google, Debian, Redhat | 5 Chrome, Debian Linux, Enterprise Linux Desktop and 2 more | 2019-08-17 | 2.9
Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file.