VUMETRIC
CYBER PORTAL
Vulnerabilities > Oracle > Banking Platform > 2.7.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-01 | CVE-2019-16943 | Deserialization of Untrusted Data vulnerability in multiple products. A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. (network; low complexity; fasterxml, debian, fedoraproject, redhat, oracle, netapp; CWE-502) | critical, 9.8, 9.8 |
| 2019-10-01 | CVE-2019-16942 | Deserialization of Untrusted Data vulnerability in multiple products. A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. (network; low complexity; fasterxml, debian, fedoraproject, redhat, netapp, oracle; CWE-502) | critical, 9.8, 9.8 |
| 2019-09-15 | CVE-2019-16335 | Deserialization of Untrusted Data vulnerability in multiple products. A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. (network; low complexity; fasterxml, fedoraproject, debian, netapp, redhat, oracle; CWE-502) | critical, 9.8, 9.8 |
| 2019-09-15 | CVE-2019-14540 | Deserialization of Untrusted Data vulnerability in multiple products. A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. (network; low complexity; fasterxml, netapp, fedoraproject, debian, redhat, oracle; CWE-502) | critical, 9.8, 9.8 |
| 2019-08-30 | CVE-2019-12402 | Infinite Loop vulnerability in multiple products. The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. (network; low complexity; apache, fedoraproject, oracle; CWE-835) | 7.5, 7.5 |
| 2019-07-30 | CVE-2019-14439 | Deserialization of Untrusted Data vulnerability in multiple products. A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. (network; low complexity; fasterxml, debian, fedoraproject, apache, redhat, oracle; CWE-502) | 7.5, 7.5 |
| 2019-07-29 | CVE-2019-14379 | SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution. (network; low complexity; fasterxml, debian, netapp, fedoraproject, redhat, oracle, apple) | critical, 9.8, 9.8 |
| 2019-07-23 | CVE-2019-10173 | Code Injection vulnerability in multiple products. It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. (network; low complexity; x-stream, oracle; CWE-94) | critical, 9.8, 9.8 |
| 2019-04-20 | CVE-2019-11358 | jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. (network; low complexity; jquery, debian, drupal, backdropcms, fedoraproject, opensuse, netapp, redhat, oracle, joomla, juniper) | 6.1, 6.1 |