Lucene search
K
OracleClusterware

5 matches found

CVE
CVE
added 2018/02/06 3:0 p.m.299 views

CVE-2017-15095

Summary of CVE-2017-15095 and related sightings : The material consistently reports a deserialization flaw in jackson-databind, affecting versions prior to 2.8.10 and 2.9.1. An unauthenticated user could trigger code execution via ObjectMapper.readValue with malicious input. The issue is describe...

9.8CVSS9.2AI score0.08411EPSS
Web
CVE
CVE
added 2018/12/20 5:0 p.m.250 views

CVE-2018-1000873

CVE-2018-1000873 : A CWE-20 DoS vulnerability in Fasterxml Jackson, specifically in jackson-modules-java8 prior to 2.9.8, allows an attacker to trigger denial of service by deserializing malicious input (notably very large values in the nanoseconds field of a time value). The issue is fixed in 2....

6.5CVSS7.7AI score0.04758EPSS
CVE
CVE
added 2019/07/09 3:37 p.m.245 views

CVE-2018-11307

CVE-2018-11307 concerns a deserialization issue in FasterXML Jackson-databind from 2.0.0 to 2.9.5 that enables content exfiltration when using Jackson default typing with an iBatis gadget class. Affected: jackson-databind components in these versions. Impact: potential exposure of serialized cont...

9.8CVSS9.2AI score0.05683EPSS
CVE
CVE
added 2019/01/02 6:0 p.m.222 views

CVE-2018-14719

CVE-2018-14719 involves FasterXML Jackson Databind 2.x up to but before 2.9.7. The root cause is failure to block polymorphic deserialization of certain gadgets (blaze-ds-opt/blaze-ds-core), enabling remote code execution if the gadget classes can be reached. The IBM bulletin references Jackson D...

9.8CVSS9.8AI score0.09682EPSS
CVE
CVE
added 2019/07/23 10:31 p.m.97 views

CVE-2019-2860

The CVE-2019-2860 issue affects Oracle Clusterware via the Trace File Analyzer (TFA) Collector in Oracle Support Tools, with affected version 12.1.0.2.0. The vulnerability allows an unauthenticated, network-accessible attacker (no user interaction) to perform unauthorized updates, inserts or dele...

6.8CVSS5.2AI score0.01008EPSS