what you don't know can hurt you
Showing 1 - 9 of 9 RSS Feed

CVE-2019-12384

Status Candidate

Overview

FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible.

Related Files

Red Hat Security Advisory 2019-2998-01
Posted Oct 10, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2998-01 - Red Hat OpenShift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of RHOAR Thorntail 2.5.0 serves as a replacement for RHOAR Thorntail 2.4.0, and includes security and bug fixes and enhancements. Issues addressed include code execution and deserialization vulnerabilities.

tags | advisory, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2019-10184, CVE-2019-10212, CVE-2019-12086, CVE-2019-12384, CVE-2019-14379, CVE-2019-3868, CVE-2019-3888
MD5 | 28377943fdda0cfb44e37a74ab1c6944
Debian Security Advisory 4542-1
Posted Oct 7, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4542-1 - It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, did not properly validate user input before attempting deserialization. This allowed an attacker providing maliciously crafted input to perform code execution, or read arbitrary files on the server.

tags | advisory, java, arbitrary, code execution
systems | linux, debian
advisories | CVE-2019-12384, CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943
MD5 | e509eea85afe53f7ec68ab71ee2d7af6
Red Hat Security Advisory 2019-2937-01
Posted Sep 30, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2937-01 - This release of Red Hat JBoss Enterprise Application Platform 7.2.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.3, and includes bug fixes and enhancements. Issues addressed include code execution and deserialization vulnerabilities.

tags | advisory, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2019-10184, CVE-2019-10202, CVE-2019-10212, CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379
MD5 | 5d01cb3be70ed31c1ba28e906e9f6190
Red Hat Security Advisory 2019-2935-01
Posted Sep 30, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2935-01 - This release of Red Hat JBoss Enterprise Application Platform 7.2.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.3, and includes bug fixes and enhancements. Issues addressed include code execution and deserialization vulnerabilities.

tags | advisory, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2019-10184, CVE-2019-10202, CVE-2019-10212, CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379
MD5 | 1a7477240cdcc1e0f790d9e4e351d91c
Red Hat Security Advisory 2019-2938-01
Posted Sep 30, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2938-01 - This release of Red Hat JBoss Enterprise Application Platform 7.2.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.3, and includes bug fixes and enhancements. Issues addressed include code execution and deserialization vulnerabilities.

tags | advisory, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2019-10184, CVE-2019-10202, CVE-2019-10212, CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379
MD5 | 7313bc38e1de56a2756febd076b326d1
Red Hat Security Advisory 2019-2936-01
Posted Sep 30, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2936-01 - This release of Red Hat JBoss Enterprise Application Platform 7.2.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.3, and includes bug fixes and enhancements. Issues addressed include code execution and deserialization vulnerabilities.

tags | advisory, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2019-10184, CVE-2019-10202, CVE-2019-10212, CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379
MD5 | 9ed47e7f238b8290f0b0a86c804ad20d
Red Hat Security Advisory 2019-2858-01
Posted Sep 28, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2858-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains an update for both jackson-databind and guava in the logging-elasticsearch5 container image for Red Hat OpenShift Container Platform 4.1.18. Issues addressed include code execution, denial of service, and deserialization vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2017-15095, CVE-2017-17485, CVE-2017-7525, CVE-2018-10237, CVE-2018-11307, CVE-2018-12022, CVE-2018-12023, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720, CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362, CVE-2018-5968, CVE-2018-7489, CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379
MD5 | e22902c351ac361f415119126dd45aae
Red Hat Security Advisory 2019-2720-01
Posted Sep 11, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2720-01 - The Public Key Infrastructure Deps module contains fundamental packages required as dependencies for the pki-core module by Red Hat Certificate System. Issues addressed include code execution and deserialization vulnerabilities.

tags | advisory, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2019-12384
MD5 | 563e60dcca8c800e06924d8b82b0d6f1
Red Hat Security Advisory 2019-1820-01
Posted Jul 22, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1820-01 - The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Issues addressed include code execution and deserialization vulnerabilities.

tags | advisory, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2019-12384
MD5 | 05022fdd682471ac5e04e046825a690b
Page 1 of 1
Back1Next

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    15 Files
  • 15
    Oct 15th
    19 Files
  • 16
    Oct 16th
    19 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close