exploit the possibilities
Showing 1 - 18 of 18 RSS Feed

CVE-2020-25649

Status Candidate

Overview

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

Related Files

Red Hat Security Advisory 2021-2476-01
Posted Jun 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2476-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.11.0 serves as an update to Red Hat Decision Manager 7.10.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection, code execution, denial of service, and server-side request forgery vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2020-11988, CVE-2020-25649, CVE-2020-26258, CVE-2020-26259, CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350, CVE-2021-21351
MD5 | c0c8f378f5d9f79ba0df8fb5e29cbed4
Red Hat Security Advisory 2021-2475-01
Posted Jun 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2475-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.11.0 serves as an update to Red Hat Process Automation Manager 7.10.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection, code execution, denial of service, and server-side request forgery vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2020-11988, CVE-2020-25649, CVE-2020-26258, CVE-2020-26259, CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350, CVE-2021-21351
MD5 | 22809b1f1c426fc27604e0bd6d4c8b79
Red Hat Security Advisory 2021-2039-01
Posted May 19, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2039-01 - This release of Red Hat Integration - Service registry 1.1.1.GA serves as a replacement for 1.1.0.GA, and includes the below security fixes. Issues addressed include XML injection and remote SQL injection vulnerabilities.

tags | advisory, remote, registry, vulnerability, sql injection
systems | linux, redhat
advisories | CVE-2020-14040, CVE-2020-25638, CVE-2020-25649
MD5 | a7f2b920bee53e427f11e78f85418989
Red Hat Security Advisory 2021-1429-01
Posted May 6, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1429-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include an XML injection vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-25649, CVE-2021-20305, CVE-2021-2163, CVE-2021-27363, CVE-2021-27364, CVE-2021-27365, CVE-2021-3347, CVE-2021-3447
MD5 | 25c9b72c858aed26197391187cf2d3ee
Red Hat Security Advisory 2021-1260-01
Posted Apr 20, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1260-01 - Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 1.7.0 serves as a replacement for Red Hat AMQ Streams 1.6.0, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include an XML injection vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-25649
MD5 | 8208717753b6b6b9cac774e305322eef
Red Hat Security Advisory 2021-0811-01
Posted Mar 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0811-01 - This release of Red Hat Integration - Camel K - Tech-Preview 3 serves as a replacement for tech-preview 2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection and man-in-the-middle vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2020-13946, CVE-2020-13956, CVE-2020-25649
MD5 | 4a3e2e63af8c74516c8ec10f448fbebf
Red Hat Security Advisory 2021-0381-01
Posted Feb 2, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0381-01 - The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. The Manager is a JBoss Application Server application that provides several interfaces through which the virtual environment can be accessed and interacted with, including an Administration Portal, a VM Portal, and a Representational State Transfer Application Programming Interface. Issues addressed include an XML injection vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-25649
MD5 | 92eeb68bad6174b72713cc441d454a82
Red Hat Security Advisory 2020-5361-01
Posted Dec 16, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5361-01 - This release of Red Hat build of Thorntail 2.7.2 includes security updates, bug fixes, and enhancements. For more information, see the release notes listed in the References section. Issues addressed include XML injection, bypass, denial of service, and remote SQL injection vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, sql injection
systems | linux, redhat
advisories | CVE-2020-14299, CVE-2020-14338, CVE-2020-14340, CVE-2020-25638, CVE-2020-25649
MD5 | 18127811ab5157ce8edc1fde98458362
Red Hat Security Advisory 2020-5533-01
Posted Dec 16, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5533-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.4 serves as a replacement for Red Hat Single Sign-On 7.4.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection and remote SQL injection vulnerabilities.

tags | advisory, remote, web, vulnerability, sql injection
systems | linux, redhat
advisories | CVE-2020-10695, CVE-2020-13822, CVE-2020-25638, CVE-2020-25649, CVE-2020-27826
MD5 | 670eb1fe56304679a7ace1ab4d8fa0ea
Red Hat Security Advisory 2020-5410-01
Posted Dec 14, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5410-01 - Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project. This release of Red Hat Data Grid 7.3.8 serves as a replacement for Red Hat Data Grid 7.3.7 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum. Issues addressed include XML injection and memory leak vulnerabilities.

tags | advisory, vulnerability, memory leak
systems | linux, redhat
advisories | CVE-2020-25644, CVE-2020-25649
MD5 | c588980e9ca009f602d131c7f03d3ef8
Red Hat Security Advisory 2020-5342-01
Posted Dec 3, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5342-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.3, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.4 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include XML injection, memory leak, and remote SQL injection vulnerabilities.

tags | advisory, java, remote, vulnerability, sql injection, memory leak
systems | linux, redhat
advisories | CVE-2020-25638, CVE-2020-25644, CVE-2020-25649
MD5 | f3da3a857cd5d1a25083fe1074923453
Red Hat Security Advisory 2020-5341-01
Posted Dec 3, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5341-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.3, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.4 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include XML injection, memory leak, and remote SQL injection vulnerabilities.

tags | advisory, java, remote, vulnerability, sql injection, memory leak
systems | linux, redhat
advisories | CVE-2020-25638, CVE-2020-25644, CVE-2020-25649
MD5 | 2f32d3532759da33ac105fbb5d9559db
Red Hat Security Advisory 2020-5340-01
Posted Dec 3, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5340-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.3, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.4 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include XML injection, memory leak, and remote SQL injection vulnerabilities.

tags | advisory, java, remote, vulnerability, sql injection, memory leak
systems | linux, redhat
advisories | CVE-2020-25638, CVE-2020-25644, CVE-2020-25649
MD5 | fd5f47be3b183253dfdf3ec7a25d546f
Red Hat Security Advisory 2020-5344-01
Posted Dec 3, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5344-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.3, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.4 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include XML injection, memory leak, and remote SQL injection vulnerabilities.

tags | advisory, java, remote, vulnerability, sql injection, memory leak
systems | linux, redhat
advisories | CVE-2020-25638, CVE-2020-25644, CVE-2020-25649
MD5 | 94085eef489b46d47ad00938de334025
Red Hat Security Advisory 2020-4379-01
Posted Nov 9, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4379-01 - This release of Red Hat build of Eclipse Vert.x 3.9.4 includes security updates, bug fixes, and enhancements. For more information, see the release notes listed in the References section. Issues addressed include an XML injection vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-25649
MD5 | 0cf46118f69703d7bfa10646e22dac09
Red Hat Security Advisory 2020-4401-01
Posted Oct 29, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4401-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6, 7, and 8. Issues addressed include an XML injection vulnerability.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2020-25649
MD5 | c6734a15901d8b6f939fef6f1ad12e04
Red Hat Security Advisory 2020-4402-01
Posted Oct 29, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4402-01 - Red Hat JBoss Enterprise Application Platform 7.3 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.3. Issues addressed include an XML injection vulnerability.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2020-25649
MD5 | 96d6633cd6cef7c456fbbb9879267dc9
Red Hat Security Advisory 2020-4312-01
Posted Oct 22, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4312-01 - The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Issues addressed include an XML injection vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-25649
MD5 | a520b0d688be20abb24d3ac840107a33
Page 1 of 1
Back1Next

File Archive:

October 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    16 Files
  • 2
    Oct 2nd
    1 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    24 Files
  • 5
    Oct 5th
    24 Files
  • 6
    Oct 6th
    11 Files
  • 7
    Oct 7th
    14 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    1 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    7 Files
  • 12
    Oct 12th
    15 Files
  • 13
    Oct 13th
    26 Files
  • 14
    Oct 14th
    10 Files
  • 15
    Oct 15th
    6 Files
  • 16
    Oct 16th
    2 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    14 Files
  • 19
    Oct 19th
    15 Files
  • 20
    Oct 20th
    20 Files
  • 21
    Oct 21st
    12 Files
  • 22
    Oct 22nd
    14 Files
  • 23
    Oct 23rd
    3 Files
  • 24
    Oct 24th
    1 Files
  • 25
    Oct 25th
    33 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close