Vulnerabilities > Oracle > Data Integrator > High

DATE CVE VULNERABILITY TITLE RISK
2020-12-27 CVE-2020-35728 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).
network
high complexity
fasterxml debian netapp oracle CWE-502
8.1
2020-10-01 CVE-2020-11979 As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them.
network
low complexity
apache gradle fedoraproject oracle
7.5
2019-10-08 CVE-2019-17359 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data.
network
low complexity
bouncycastle apache netapp oracle CWE-770
7.5