Vulnerabilities (CVE)

5899 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-19362 3 Fasterxml, Debian, Oracle 7 Jackson-databind, Debian Linux, Business Process Management Suite and 4 more 2019-05-25 7.5
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.
CVE-2018-19361 3 Fasterxml, Debian, Oracle 7 Jackson-databind, Debian Linux, Business Process Management Suite and 4 more 2019-05-25 7.5
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.
CVE-2018-19360 3 Fasterxml, Debian, Oracle 7 Jackson-databind, Debian Linux, Business Process Management Suite and 4 more 2019-05-25 7.5
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.
CVE-2018-14721 3 Fasterxml, Debian, Oracle 11 Jackson-databind, Debian Linux, Banking Platform and 8 more 2019-05-25 7.5
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.
CVE-2018-14720 3 Fasterxml, Debian, Oracle 11 Jackson-databind, Debian Linux, Banking Platform and 8 more 2019-05-25 7.5
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.
CVE-2018-14719 3 Fasterxml, Debian, Oracle 10 Jackson-databind, Debian Linux, Banking Platform and 7 more 2019-05-25 7.5
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.
CVE-2018-14718 3 Fasterxml, Debian, Oracle 10 Jackson-databind, Debian Linux, Banking Platform and 7 more 2019-05-25 7.5
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
CVE-2018-12023 3 Fasterxml, Oracle, Fedoraproject 19 Jackson-databind, Banking Platform, Communications Billing And Revenue Management and 16 more 2019-05-25 5.1
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can...
CVE-2018-12022 3 Fasterxml, Fedoraproject, Oracle 4 Jackson-databind, Fedora, Jd Edwards Enterpriseone Tools and 1 more 2019-05-25 5.1
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework)...
CVE-2019-2627 2 Oracle, Canonical 2 Mysql, Ubuntu Linux 2019-05-23 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows...
CVE-2019-2614 2 Oracle, Canonical 2 Mysql, Ubuntu Linux 2019-05-23 3.5
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high...
CVE-2019-2698 2 Oracle, Redhat 3 Jdk, Jre, Openshift Container Platform 2019-05-23 6.8
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
CVE-2019-2684 3 Oracle, Redhat, Opensuse 4 Jdk, Jre, Openshift Container Platform and 1 more 2019-05-23 4.3
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows...
CVE-2019-2602 3 Oracle, Redhat, Opensuse 4 Jdk, Jre, Openshift Container Platform and 1 more 2019-05-23 5.0
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows...
CVE-2019-2426 2 Oracle, Netapp 5 Jdk, Jre, Oncommand Unified Manager and 2 more 2019-05-23 4.3
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated...
CVE-2019-2422 6 Oracle, Netapp, Canonical and 3 more 15 Jdk, Jre, Oncommand Unified Manager and 12 more 2019-05-23 4.3
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated...
CVE-2018-3639 9 Arm, Intel, Mitel and 6 more 50 Cortex-a, Atom C, Atom E and 47 more 2019-05-23 4.9
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user...
CVE-2018-11212 7 Ijg, Netapp, Oracle and 4 more 13 Libjpeg, Oncommand Unified Manager, Oncommand Workflow Automation and 10 more 2019-05-23 4.3
An issue was discovered in libjpeg 9a. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file.
CVE-2017-3329 2 Oracle, Debian 2 Mysql, Debian Linux 2019-05-22 5.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows...
CVE-2017-3450 1 Oracle 1 Mysql 2019-05-22 5.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows unauthenticated attacker...