Vulnerabilities > Oracle > Global Lifecycle Management Opatch

DATE CVE VULNERABILITY TITLE RISK
2020-03-18 CVE-2020-10672 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).
network
low complexity
fasterxml debian netapp oracle
8.8
2020-03-02 CVE-2020-9548 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).
network
low complexity
fasterxml netapp debian oracle CWE-502
critical
9.8
2020-03-02 CVE-2020-9547 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap).
network
low complexity
fasterxml netapp debian oracle CWE-502
critical
9.8
2020-03-02 CVE-2020-9546 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).
network
low complexity
fasterxml netapp debian oracle CWE-502
critical
9.8
2020-02-10 CVE-2020-8840 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.
network
low complexity
fasterxml debian netapp huawei oracle CWE-502
critical
9.8
2020-01-03 CVE-2019-20330 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
network
low complexity
fasterxml oracle debian netapp CWE-502
critical
9.8
2019-09-18 CVE-2019-3740 Information Exposure Through Discrepancy vulnerability in multiple products
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation.
network
low complexity
dell oracle CWE-203
6.5
2019-09-15 CVE-2019-16335 Deserialization of Untrusted Data vulnerability in multiple products
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10.
network
low complexity
fasterxml fedoraproject debian netapp redhat oracle CWE-502
critical
9.8
2019-09-15 CVE-2019-14540 Deserialization of Untrusted Data vulnerability in multiple products
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10.
network
low complexity
fasterxml netapp fedoraproject debian redhat oracle CWE-502
critical
9.8
2019-07-30 CVE-2019-14439 Deserialization of Untrusted Data vulnerability in multiple products
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2.
7.5