Vulnerabilities (CVE)

Vendor filter: Oracle

6062 total CVE
CVE | Vendors (count: names) | Products (count: names) | Updated | CVSS
CVE-2018-12023 | 5: Fasterxml, Oracle, Fedoraproject and 2 more | 26: Jackson-databind, Banking Platform, Communications Billing And Revenue Management and 23 more | 2019-08-22 | 5.1
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can...
CVE-2018-12022 | 5: Fasterxml, Fedoraproject, Oracle and 2 more | 11: Jackson-databind, Fedora, Jd Edwards Enterpriseone Tools and 8 more | 2019-08-22 | 5.1
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework)...
CVE-2018-19362 | 4: Fasterxml, Debian, Oracle and 1 more | 12: Jackson-databind, Debian Linux, Business Process Management Suite and 9 more | 2019-08-22 | 7.5
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.
CVE-2018-7489 | 4: Fasterxml, Debian, Oracle and 1 more | 5: Jackson-databind, Debian Linux, Communications Billing And Revenue Management and 2 more | 2019-08-22 | 7.5
FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending...
CVE-2018-19361 | 4: Fasterxml, Debian, Oracle and 1 more | 12: Jackson-databind, Debian Linux, Business Process Management Suite and 9 more | 2019-08-22 | 7.5
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.
CVE-2018-19360 | 4: Fasterxml, Debian, Oracle and 1 more | 12: Jackson-databind, Debian Linux, Business Process Management Suite and 9 more | 2019-08-22 | 7.5
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.
CVE-2019-2822 | 1: Oracle | 1: Mysql | 2019-08-22 | 5.1
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Shell: Admin / InnoDB Cluster). Supported versions that are affected are 8.0.16 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network...
CVE-2019-2791 | 2: Oracle, Canonical | 2: Mysql, Ubuntu Linux | 2019-08-22 | 5.5
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Plug-in). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker...
CVE-2019-2747 | 1: Oracle | 1: Mysql | 2019-08-22 | 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: GIS). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...
CVE-2019-2746 | 1: Oracle | 1: Mysql | 2019-08-22 | 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Data Dictionary). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access...
CVE-2019-2743 | 1: Oracle | 1: Mysql | 2019-08-22 | 3.5
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Supported versions that are affected are 8.0.12 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access...
CVE-2019-2741 | 2: Oracle, Canonical | 2: Mysql, Ubuntu Linux | 2019-08-22 | 3.5
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Log). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Difficult to exploit vulnerability allows low privileged attacker with...
CVE-2018-14720 | 4: Fasterxml, Debian, Oracle and 1 more | 13: Jackson-databind, Debian Linux, Banking Platform and 10 more | 2019-08-21 | 7.5
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.
CVE-2018-14721 | 4: Fasterxml, Debian, Oracle and 1 more | 14: Jackson-databind, Debian Linux, Banking Platform and 11 more | 2019-08-21 | 7.5
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.
CVE-2018-14719 | 4: Fasterxml, Debian, Oracle and 1 more | 11: Jackson-databind, Debian Linux, Banking Platform and 8 more | 2019-08-21 | 7.5
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.
CVE-2019-2731 | 1: Oracle | 1: Mysql | 2019-08-21 | 5.5
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.23 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via...
CVE-2019-2730 | 1: Oracle | 1: Mysql | 2019-08-21 | 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.44 and prior and 5.7.18 and prior. Easily exploitable vulnerability allows high privileged...
CVE-2003-0841 | 2: Peoplesoft, Oracle | 2: Peopletools, Peopletools | 2019-08-19 | 5.0
The grid option in PeopleSoft 8.42 stores temporary .xls files in guessable directories under the web document root, which allows remote attackers to steal search results by directly accessing the files via a URL request.
CVE-2018-3252 | 1: Oracle | 1: Weblogic Server | 2019-08-18 | 7.5
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows...
CVE-2019-2699 | 1: Oracle | 2: Jdk, Jre | 2019-08-15 | 6.8
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Windows DLL). The supported version that is affected is Java SE: 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...