what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

CVE-2020-25649

Status Candidate

Overview

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

Related Files

Red Hat Security Advisory 2021-2476-01
Posted Jun 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2476-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.11.0 serves as an update to Red Hat Decision Manager 7.10.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection, code execution, denial of service, and server-side request forgery vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2020-11988, CVE-2020-25649, CVE-2020-26258, CVE-2020-26259, CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350, CVE-2021-21351
SHA-256 | c7ecab2767572bcae7a835e6563b631e2de5bcbbf260dbcf564ddf63104b4342
Red Hat Security Advisory 2021-2475-01
Posted Jun 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2475-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.11.0 serves as an update to Red Hat Process Automation Manager 7.10.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection, code execution, denial of service, and server-side request forgery vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2020-11988, CVE-2020-25649, CVE-2020-26258, CVE-2020-26259, CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350, CVE-2021-21351
SHA-256 | 44f2a427aa38603abc596c8eab0bea14baf4d87b51fcd63235260362ce1b3c02
Red Hat Security Advisory 2021-2039-01
Posted May 19, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2039-01 - This release of Red Hat Integration - Service registry 1.1.1.GA serves as a replacement for 1.1.0.GA, and includes the below security fixes. Issues addressed include XML injection and remote SQL injection vulnerabilities.

tags | advisory, remote, registry, vulnerability, sql injection
systems | linux, redhat
advisories | CVE-2020-14040, CVE-2020-25638, CVE-2020-25649
SHA-256 | 016baf810f0fc092f71233e8a3a373f15cd931df73eb2a65bb7e42e8e6050a8a
Red Hat Security Advisory 2021-1429-01
Posted May 6, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1429-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include an XML injection vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-25649, CVE-2021-20305, CVE-2021-2163, CVE-2021-27363, CVE-2021-27364, CVE-2021-27365, CVE-2021-3347, CVE-2021-3447
SHA-256 | 080261f12c95415e46d2e885ab13d75245d27a7ac95fd992cb11dd540475be30
Red Hat Security Advisory 2021-1260-01
Posted Apr 20, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1260-01 - Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 1.7.0 serves as a replacement for Red Hat AMQ Streams 1.6.0, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include an XML injection vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-25649
SHA-256 | e0b81f5d0387311e1b5ac88ce04430cc7c74c339150ee560224ac6864c135316
Red Hat Security Advisory 2021-0811-01
Posted Mar 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0811-01 - This release of Red Hat Integration - Camel K - Tech-Preview 3 serves as a replacement for tech-preview 2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection and man-in-the-middle vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2020-13946, CVE-2020-13956, CVE-2020-25649
SHA-256 | c28667fc0da99f8d9f7d95ddffa82106e756d05bf694491cc1ef1780fba154b5
Red Hat Security Advisory 2021-0381-01
Posted Feb 2, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0381-01 - The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. The Manager is a JBoss Application Server application that provides several interfaces through which the virtual environment can be accessed and interacted with, including an Administration Portal, a VM Portal, and a Representational State Transfer Application Programming Interface. Issues addressed include an XML injection vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-25649
SHA-256 | 0326933ac26772d368b4bd4bef05ffbd71afc64484937477309a97415799d61f
Red Hat Security Advisory 2020-5361-01
Posted Dec 16, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5361-01 - This release of Red Hat build of Thorntail 2.7.2 includes security updates, bug fixes, and enhancements. For more information, see the release notes listed in the References section. Issues addressed include XML injection, bypass, denial of service, and remote SQL injection vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, sql injection
systems | linux, redhat
advisories | CVE-2020-14299, CVE-2020-14338, CVE-2020-14340, CVE-2020-25638, CVE-2020-25649
SHA-256 | 9e71c6b2a14aa1556e828682dbaf09622600c6b0250faa6360fd794afaaf7f80
Red Hat Security Advisory 2020-5533-01
Posted Dec 16, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5533-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.4 serves as a replacement for Red Hat Single Sign-On 7.4.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection and remote SQL injection vulnerabilities.

tags | advisory, remote, web, vulnerability, sql injection
systems | linux, redhat
advisories | CVE-2020-10695, CVE-2020-13822, CVE-2020-25638, CVE-2020-25649, CVE-2020-27826
SHA-256 | eaa87ce50be16945bab184dd40e9a5f620f97137e5c67be852549e6da2954570
Red Hat Security Advisory 2020-5410-01
Posted Dec 14, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5410-01 - Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project. This release of Red Hat Data Grid 7.3.8 serves as a replacement for Red Hat Data Grid 7.3.7 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum. Issues addressed include XML injection and memory leak vulnerabilities.

tags | advisory, vulnerability, memory leak
systems | linux, redhat
advisories | CVE-2020-25644, CVE-2020-25649
SHA-256 | 83904f3e200bc90e1a7363c0a9f20c271e362b34ec7e513e7d54bb76ec83b366
Red Hat Security Advisory 2020-5342-01
Posted Dec 3, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5342-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.3, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.4 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include XML injection, memory leak, and remote SQL injection vulnerabilities.

tags | advisory, java, remote, vulnerability, sql injection, memory leak
systems | linux, redhat
advisories | CVE-2020-25638, CVE-2020-25644, CVE-2020-25649
SHA-256 | acbd3e14db6d09834afce1f465061e1d2d38d186b4b4b021dd8e2eabe1bfbb14
Red Hat Security Advisory 2020-5341-01
Posted Dec 3, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5341-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.3, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.4 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include XML injection, memory leak, and remote SQL injection vulnerabilities.

tags | advisory, java, remote, vulnerability, sql injection, memory leak
systems | linux, redhat
advisories | CVE-2020-25638, CVE-2020-25644, CVE-2020-25649
SHA-256 | 1f25f6133d8217c8b4ac927a7eab59218376028fe23c68c04f2ffa4e37fecaa8
Red Hat Security Advisory 2020-5340-01
Posted Dec 3, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5340-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.3, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.4 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include XML injection, memory leak, and remote SQL injection vulnerabilities.

tags | advisory, java, remote, vulnerability, sql injection, memory leak
systems | linux, redhat
advisories | CVE-2020-25638, CVE-2020-25644, CVE-2020-25649
SHA-256 | 3712a4ee80a9d53ebbdedd13d2f4fc5a4f1962a34e416dca9868e135339bb982
Red Hat Security Advisory 2020-5344-01
Posted Dec 3, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5344-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.3, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.4 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include XML injection, memory leak, and remote SQL injection vulnerabilities.

tags | advisory, java, remote, vulnerability, sql injection, memory leak
systems | linux, redhat
advisories | CVE-2020-25638, CVE-2020-25644, CVE-2020-25649
SHA-256 | b9621d35f7b316a7c076ea7be96f7049b75a77d2af661325878fae30aa379148
Red Hat Security Advisory 2020-4379-01
Posted Nov 9, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4379-01 - This release of Red Hat build of Eclipse Vert.x 3.9.4 includes security updates, bug fixes, and enhancements. For more information, see the release notes listed in the References section. Issues addressed include an XML injection vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-25649
SHA-256 | 03c60bfa2d8c1046248c0cfa4c939826b7f73b98d517ee74c3b85197ca0a4fa7
Red Hat Security Advisory 2020-4401-01
Posted Oct 29, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4401-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6, 7, and 8. Issues addressed include an XML injection vulnerability.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2020-25649
SHA-256 | b7a02e45e46a228bef4652e4bb70313bcdbe4a054740dfa641d3a40949ec80f3
Red Hat Security Advisory 2020-4402-01
Posted Oct 29, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4402-01 - Red Hat JBoss Enterprise Application Platform 7.3 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.3. Issues addressed include an XML injection vulnerability.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2020-25649
SHA-256 | f8f28f5ec717284a1b7ad5d39c088e87cc54b36b3b01f6f0b0e3b6a38a22f0aa
Red Hat Security Advisory 2020-4312-01
Posted Oct 22, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4312-01 - The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Issues addressed include an XML injection vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-25649
SHA-256 | 18bf5956329cfe1c1947719c6bc15e45f7f134d6bbf4ce1f9f266fd71956393c
Page 1 of 1
Back1Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close