Vulnerabilities > Oracle > Global Lifecycle Management Opatch

DATE CVE VULNERABILITY TITLE RISK
2019-07-09 CVE-2018-11307 Deserialization of Untrusted Data vulnerability in multiple products
An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5.
network
low complexity
fasterxml redhat oracle CWE-502
critical
9.8
2019-01-07 CVE-2018-1320 Improper Certificate Validation vulnerability in multiple products
Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class.
network
low complexity
apache debian f5 oracle CWE-295
7.5
2019-01-02 CVE-2018-14719 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.
network
low complexity
fasterxml debian oracle redhat netapp CWE-502
critical
9.8
2019-01-02 CVE-2018-14718 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
network
low complexity
fasterxml debian oracle netapp redhat CWE-502
critical
9.8
2018-12-20 CVE-2018-1000873 Improper Input Validation vulnerability in multiple products
Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS).
network
low complexity
fasterxml oracle netapp CWE-20
6.5