Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Oracle Subscribe
Filtered by product Global Lifecycle Management Opatch
Total 25 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-1320 4 Apache, Debian, F5 and 1 more 5 Thrift, Debian Linux, Traffix Signaling Delivery Controller and 2 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the validation incomplete.
CVE-2018-14719 5 Debian, Fasterxml, Netapp and 2 more 21 Debian Linux, Jackson-databind, Oncommand Workflow Automation and 18 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.
CVE-2018-14718 5 Debian, Fasterxml, Netapp and 2 more 26 Debian Linux, Jackson-databind, Oncommand Workflow Automation and 23 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
CVE-2018-11307 3 Fasterxml, Oracle, Redhat 8 Jackson-databind, Clusterware, Communications Instant Messaging Server and 5 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6.
CVE-2018-1000873 3 Fasterxml, Netapp, Oracle 6 Jackson-modules-java8, Active Iq Unified Manager, Clusterware and 3 more 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8.