Vulnerabilities > Oracle > JD Edwards Enterpriseone Tools
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-07-29 | CVE-2019-14379 | SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution. | 9.8 |
2019-04-23 | CVE-2019-2564 | Unspecified vulnerability in Oracle JD Edwards Enterpriseone Tools 9.2 Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). | 4.3 |
2019-04-20 | CVE-2019-11358 | jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. | 6.1 |
2019-03-21 | CVE-2018-12023 | Deserialization of Untrusted Data vulnerability in multiple products An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. | 7.5 |
2019-03-21 | CVE-2018-12022 | Deserialization of Untrusted Data vulnerability in multiple products An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. | 7.5 |
2019-02-27 | CVE-2019-1559 | Information Exposure Through Discrepancy vulnerability in multiple products If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. | 5.9 |
2019-01-02 | CVE-2018-14718 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization. | 9.8 |
2018-11-16 | CVE-2018-15769 | RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. | 7.5 |
2018-09-14 | CVE-2018-11058 | Out-of-bounds Read vulnerability in multiple products RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. | 9.8 |
2018-08-31 | CVE-2018-11057 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. | 5.9 |