Search: Oracle Global Lifecycle Management Opatch

25 matches found

CVE
added 2022/03/11 12:00 a.m. | 849 views

CVE-2020-36518

CVE-2020-36518 affects jackson-databind before 2.13.0: a JSON document with a very large nesting depth drives the deserializer into a Java StackOverflowError, a denial of service that needs neither default typing nor a gadget class on the classpath. In the affected advisories the remediation is to upgrade jackson-databind to 2.13.0 or newer (examples cite 2.13.x releases such as 2.13.4.2 in the Crowd/CWD references). Practical impact is d...

CVSS 7.5 | AI score 7.4 | EPSS 0.0486
CVE
added 2019/09/15 9:45 p.m. | 599 views

CVE-2019-14540

CVE-2019-14540 affects jackson-databind before 2.9.10 (2.9.10 is the fixed release): a polymorphic typing issue in which the HikariCP class com.zaxxer.hikari.HikariConfig is usable as a deserialization gadget. The authoritative initial document describes it as a polymorphic typing issue in jackson-databind related to HikariConfig. Connected-material references (A...

CVSS 9.8 | AI score 9.3 | EPSS 0.10676
CVE
added 2020/03/02 3:59 a.m. | 557 views

CVE-2020-9546

CVE-2020-9546 affects FasterXML jackson-databind 2.x before 2.9.10.4, which mishandles the interaction between serialization gadgets and typing for org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig, the copy of HikariConfig shaded into Hadoop (the same gadget as CVE-2019-14540 under a different package name, which the earlier blocklist entry did not cover). The IBM/Cloudera bulletin references the same CVE and lists a high impact...

CVSS 9.8 | AI score 9.2 | EPSS 0.04613
CVE
added 2020/03/02 3:59 a.m. | 544 views

CVE-2020-9547

CVE-2020-9547 involves jackson-databind 2.x before 2.9.10.4, which mishandles the interaction between serialization gadgets and typing for com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (ibatis-sqlmap); a crafted JSON document processed with default typing enabled can lead to remote code execution. Connected IBM advisories enumerate multiple CVEs in jackson-databind and show affected IBM products; remediation guidance ge...

CVSS 9.8 | AI score 9.1 | EPSS 0.18671
In wild
CVE
added 2020/03/02 3:58 a.m. | 522 views

CVE-2020-9548

CVE-2020-9548 is a deserialization vulnerability in FasterXML jackson-databind 2.x before 2.9.10.4, listed by IBM as affecting Cloudera Data Platform Private Cloud Base 7.1.9. The library mishandles the interaction between serialization gadgets and typing for br.com.anteros.dbcp.AnterosDBCPConfig (anteros-core), so a crafted JSON document can lead to remote c...

CVSS 9.8 | AI score 9.1 | EPSS 0.18345
In wild
CVE
added 2020/02/10 7:41 p.m. | 517 views

CVE-2020-8840

CVE-2020-8840 affects FasterXML jackson-databind 2.0.0 through 2.9.10.2, which does not block the xbean-reflect JNDI gadget org.apache.xbean.propertyeditor.JndiConverter; a type id naming that class turns deserialization into a JNDI lookup of an attacker-controlled name, leading to remote code execution. The affected component is jackson-databind's deserialization path; impa...

CVSS 9.8 | AI score 9.3 | EPSS 0.26587
In wild
CVE
added 2020/03/31 4:37 a.m. | 501 views

CVE-2020-11113

CVE-2020-11113 is a deserialization vulnerability in FasterXML jackson-databind 2.x before 2.9.10.4, which mishandles the interaction between serialization gadgets and typing for org.apache.openjpa.ee.WASRegistryManagedRuntime (openjpa). The connected documents corroborate an exploit path via unsafe deserialization leading to ...

CVSS 8.8 | AI score 8.3 | EPSS 0.06278
CVE
added 2020/03/18 9:17 p.m. | 465 views

CVE-2020-10672

CVE-2020-10672 affects FasterXML jackson-databind 2.x before 2.9.10.4, which mishandles the interaction between serialization gadgets and typing for org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aries.transaction.jms); the result is a deserialization vulnerability with high impact on data confidentiality, integrity and availability. Connecte...

CVSS 8.8 | AI score 8.3 | EPSS 0.02959
CVE
added 2020/04/07 10:14 p.m. | 457 views

CVE-2020-11619

CVE-2020-11619 affects FasterXML jackson-databind 2.x before 2.9.10.4, which mishandles the interaction between serialization gadgets and typing for org.springframework.aop.config.MethodLocatingFactoryBean (spring-aop). This deserialization issue can lead to arbitrary code execution when crafted JSON is processed, as described in the IBM/ISIQ con...

CVSS 8.1 | AI score 8 | EPSS 0.03607
CVE
added 2020/03/26 12:43 p.m. | 452 views

CVE-2020-10968

CVE-2020-10968 affects FasterXML jackson-databind 2.x before 2.9.10.4, which mishandles the interaction between serialization gadgets and typing for org.aoju.bus.proxy.provider.remoting.RmiProvider (bus-proxy). The result is a deserialization vulnerability with high impact to conf...

CVSS 8.8 | AI score 8.3 | EPSS 0.03538
CVE
added 2020/03/31 4:37 a.m. | 447 views

CVE-2020-11111

CVE-2020-11111 affects FasterXML jackson-databind 2.x before 2.9.10.4, which mishandles the interaction between serialization gadgets and typing for classes under org.apache.activemq.* (activemq-jms, activemq-core, activemq-pool and activemq-pool-jms). This can impact confidentiality, integrity and availability. Affected product: jackson-databind 2.x before 2.9.10.4; ...

CVSS 8.8 | AI score 8.3 | EPSS 0.03489
CVE
added 2020/03/26 12:43 p.m. | 441 views

CVE-2020-10969

CVE-2020-10969: jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing for javax.swing.JEditorPane, a JDK class, so no third-party library needs to be on the classpath. The flaw enables deserialization of untrusted data with potential remote code execution. The issue is publicly documente...

CVSS 8.8 | AI score 8.3 | EPSS 0.03473
CVE
added 2020/03/18 9:17 p.m. | 434 views

CVE-2020-10673

CVE-2020-10673 affects FasterXML jackson-databind 2.x before 2.9.10.4. The IBM bulletin and the consolidated Jira/advisory in the connected documents describe a deserialization issue in which the interaction between serialization gadgets and typing is mishandled for com.caucho.config.types.ResourceRef, aka caucho-qu...

CVSS 8.8 | AI score 8.3 | EPSS 0.07963
CVE
added 2020/03/31 4:37 a.m. | 422 views

CVE-2020-11112

CVE-2020-11112 affects FasterXML jackson-databind 2.x before 2.9.10.4, which mishandles the interaction between serialization gadgets and typing for org.apache.commons.proxy.provider.remoting.RmiProvider (apache/commons-proxy). This is a deserialization issue that could enable execution of a malicious payload; affected prod...

CVSS 8.8 | AI score 8.3 | EPSS 0.03583
CVE
added 2020/01/03 3:35 a.m. | 418 views

CVE-2019-20330

CVE-2019-20330 affects FasterXML jackson-databind 2.x before 2.9.10.2, which lacks blocking of net.sf.ehcache (ehcache) classes in polymorphic deserialization. This is a deserialization-side issue with high to critical impact potential; remediation is to upgrade to jackson-databind 2.9.10.2 or newer, as indicated by the connected IB...

CVSS 9.8 | AI score 9.2 | EPSS 0.0864
CVE
added 2020/04/07 10:14 p.m. | 393 views

CVE-2020-11620

CVE-2020-11620: jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing for org.apache.commons.jelly.impl.Embedded (commons-jelly). This allows potential compromise of confidentiality, integrity and availability (IBM X-Fo...

CVSS 8.1 | AI score 8 | EPSS 0.05594
CVE
added 2022/01/24 12:00 a.m. | 382 views

CVE-2022-23437

CVE-2022-23437 is an infinite loop in the Apache Xerces-J (XercesJ) XML parser triggered by a specially crafted XML document; it affects XercesJ 2.12.1 and earlier and was fixed upstream in 2.12.2. The connected documents reference the issue but give no root-cause detail, no affected-version list beyond 2.12.1 and no product-specific fixes; monitor for vendor/maintainer updates.

CVSS 7.1 | AI score 6.6 | EPSS 0.0444
CVE
added 2019/01/07 6:00 p.m. | 369 views

CVE-2018-1320

CVE-2018-1320 affects the Apache Thrift Java client library, versions 0.5.0 through 0.11.0. org.apache.thrift.transport.TSaslTransport used a Java assert to decide whether the SASL handshake had completed (isComplete); because the JVM disables assertions unless started with -ea, production deployments skipped the check, leaving SASL negotiation validation incomplete and allowing a security bypass. Multiple connected sources...

CVSS 7.5 | AI score 7.3 | EPSS 0.08188
CVE
added 2019/09/15 9:45 p.m. | 294 views

CVE-2019-16335

CVE-2019-16335 is a vulnerability in FasterXML jackson-databind before 2.9.10: a polymorphic typing issue in which the HikariCP class com.zaxxer.hikari.HikariDataSource is usable as a deserialization gadget (the companion of CVE-2019-14540, which covers HikariConfig). Connected sources confirm the affected component is jackson-databind and the gadget is com.zaxxer.hikari.HikariDataSource. Im...

CVSS 9.8 | AI score 9.3 | EPSS 0.04918
CVE
added 2018/12/20 5:00 p.m. | 250 views

CVE-2018-1000873

CVE-2018-1000873: a CWE-20 denial-of-service vulnerability in FasterXML Jackson, specifically jackson-modules-java8 before 2.9.8, allows an attacker to cause a denial of service by having the application deserialize malicious input, notably a very large value in the nanoseconds field of a time value. The issue is fixed in 2....

CVSS 6.5 | AI score 7.7 | EPSS 0.04758
CVE
added 2019/09/18 10:23 p.m. | 245 views

CVE-2019-3740

CVE-2019-3740 concerns RSA BSAFE Crypto-J (now Dell BSAFE Crypto-J) as bundled by Oracle GoldenGate (Install component). The root cause is a timing discrepancy during DSA key generation that a remote attacker could exploit to recover DSA private keys. Affected product/component: Oracle GoldenGate (Install ...

CVSS 6.5 | AI score 7.9 | EPSS 0.03753
CVE
added 2019/07/09 3:37 p.m. | 244 views

CVE-2018-11307

CVE-2018-11307 concerns a deserialization issue in FasterXML jackson-databind 2.0.0 through 2.9.5 that enables exfiltration of file content when Jackson default typing is used and an iBatis gadget class is on the classpath. Affected: jackson-databind in those versions. Impact: potential exposure of serialized cont...

CVSS 9.8 | AI score 9.2 | EPSS 0.05683
CVE
added 2019/01/02 6:00 p.m. | 232 views

CVE-2018-14718

CVE-2018-14718 affects FasterXML jackson-databind 2.x before 2.9.7. Description: remote code execution via deserialization because the slf4j-ext class was not blocked from polymorphic deserialization. IBM watsonx.data is listed as affected (versions 1.0.0–2.0.0 in some bulletins; later bulletins s...

CVSS 9.8 | AI score 9.8 | EPSS 0.12679
CVE
added 2019/01/02 6:00 p.m. | 222 views

CVE-2018-14719

CVE-2018-14719 involves FasterXML jackson-databind 2.x before 2.9.7. The root cause is the failure to block polymorphic deserialization of the blaze-ds-opt and blaze-ds-core gadget classes, enabling remote code execution when those classes are reachable on the classpath. The IBM bulletin references Jackson D...

CVSS 9.8 | AI score 9.8 | EPSS 0.09682
CVE
added 2019/07/30 10:49 a.m. | 187 views

CVE-2019-14439

CVE-2019-14439 describes a polymorphic typing deserialization issue in FasterXML jackson-databind 2.x before 2.9.9.2. When default typing is enabled (globally or for a specific property) on an externally exposed JSON endpoint and the logback jar is in the classpath, the endpoint may be vulnerable to unsafe deserialization. Aff...

CVSS 7.5 | AI score 8.4 | EPSS 0.10763
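The jackson-databind entries above, from CVE-2019-14540 down to CVE-2019-14439, share one precondition: default typing is enabled on an ObjectMapper, so the type id in the JSON chooses the class that gets instantiated, and each fix consists of adding the next gadget class to Jackson's blocklist. The following is an added example, not code from any of the listed advisories or from the Jackson project: it shows that configuration beside the allow-list configuration available since jackson-databind 2.10, which refuses unknown type ids regardless of which gadget libraries are present or which blocklist version is installed. The class DefaultTypingDemo, its nested Note type and the sample payload strings are assumptions for the demonstration.

```java
import java.io.IOException;

import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.jsontype.BasicPolymorphicTypeValidator;
import com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator;

/**
 * Added example: the default-typing precondition behind the jackson-databind
 * CVEs listed above, next to the allow-list configuration that removes it.
 * Assumes jackson-databind 2.10 or newer on the classpath; DefaultTypingDemo,
 * Note and the payload strings below are hypothetical.
 */
public class DefaultTypingDemo {

    /** Hypothetical application type: the only polymorphic target we intend. */
    public static class Note {
        public String text;
    }

    /**
     * Vulnerable pattern. With default typing on and no validator, the type id in
     * the JSON (first element of the wrapper array) names the class Jackson will
     * instantiate and populate. The only defence is the built-in blocklist that
     * each CVE above extends by one more gadget, so any gadget that is on the
     * classpath and not yet listed is exploitable.
     */
    @SuppressWarnings("deprecation")
    static ObjectMapper vulnerableMapper() {
        ObjectMapper m = new ObjectMapper();
        m.enableDefaultTyping(); // deprecated since 2.10 for exactly this reason
        return m;
    }

    /**
     * Hardened pattern. Default typing (if it is needed at all) is gated by an
     * explicit allow-list of subtype name prefixes. A type id outside our own
     * package is refused: no instance is created and no setter runs, whether or
     * not a gadget library is present or already blocklisted.
     */
    static ObjectMapper hardenedMapper() {
        PolymorphicTypeValidator ptv = BasicPolymorphicTypeValidator.builder()
                .allowIfSubType(DefaultTypingDemo.class.getName() + "$")
                .build();
        ObjectMapper m = new ObjectMapper();
        m.activateDefaultTyping(ptv, ObjectMapper.DefaultTyping.NON_FINAL);
        return m;
    }

    /** True if the mapper instantiates the class named in the payload's type id. */
    static boolean acceptsTypeId(ObjectMapper mapper, String json) {
        try {
            mapper.readValue(json, Object.class);
            return true;
        } catch (JsonMappingException e) {
            // InvalidTypeIdException (allow-list refusal, or class not found) and
            // InvalidDefinitionException (blocklist refusal) both land here.
            return false;
        } catch (IOException e) {
            throw new IllegalStateException("malformed sample payload", e);
        }
    }

    public static void main(String[] args) {
        // Constructed payloads in Jackson's default WRAPPER_ARRAY typing layout.
        String legitimate = "[\"" + Note.class.getName() + "\",{\"text\":\"hello\"}]";
        // A sender-chosen JDK class: harmless here, but nothing in the vulnerable
        // mapper stopped the sender from choosing it.
        String senderChosen = "[\"java.util.HashMap\",{\"a\":1}]";
        // The shape of the payloads behind CVE-2019-14540 / CVE-2020-9546: a gadget
        // class from HikariCP as the type id. Whether the vulnerable mapper loads it
        // depends on the classpath and on the blocklist version in use.
        String gadget = "[\"com.zaxxer.hikari.HikariConfig\",{}]";

        ObjectMapper vulnerable = vulnerableMapper();
        ObjectMapper hardened = hardenedMapper();
        System.out.println("vulnerable, legitimate   : " + acceptsTypeId(vulnerable, legitimate));
        System.out.println("vulnerable, sender-chosen: " + acceptsTypeId(vulnerable, senderChosen));
        System.out.println("hardened,   legitimate   : " + acceptsTypeId(hardened, legitimate));
        System.out.println("hardened,   sender-chosen: " + acceptsTypeId(hardened, senderChosen));
        System.out.println("hardened,   gadget       : " + acceptsTypeId(hardened, gadget));
    }
}
```

With jackson-databind 2.10 or newer the first three checks print true and the last two false: the vulnerable mapper accepts whatever loadable, non-blocklisted class the sender names, while the hardened mapper accepts only the application's own types. Upgrading to the patched releases named in the entries above is still required, because the blocklist also protects code paths that use `@JsonTypeInfo` with class-name ids; the allow-list is what stops the next gadget from needing a CVE of its own.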