Clusterware Security Vulnerabilities and Issues — Clusterware CVE List

Lucene search

OracleClusterware

3 matches found

CVE•added 2019/07/09 4:15 p.m.•206 views

CVE-2018-11307

An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6.

9.8CVSS9.2AI score0.77336EPSS

CVE•added 2019/01/02 6:29 p.m.•202 views

CVE-2018-14719

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.

9.8CVSS9.8AI score0.02654EPSS

CVE•added 2019/07/23 11:15 p.m.•87 views

CVE-2019-2860

Vulnerability in the Oracle Clusterware component of Oracle Support Tools (subcomponent: Trace File Analyzer (TFA) Collector). The supported version that is affected is 12.1.0.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compr...

6.8CVSS5.2AI score0.00635EPSS