Oracle Global Lifecycle Management OPatch 13.9.4.0.0

CPE Details

Oracle Global Lifecycle Management OPatch 13.9.4.0.0
oracle
global_lifecycle_management_opatch
13.9.4.0.0
2021-02-18
17h53 +00:00
2021-02-18
17h53 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:oracle:global_lifecycle_management_opatch:13.9.4.0.0:*:*:*:*:*:*:*

Informations

Vendor

oracle

Product

global_lifecycle_management_opatch

Version

13.9.4.0.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2020-8840 2020-02-10 18h41 +00:00 FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.
9.8
Critical
CVE-2019-20330 2020-01-03 02h35 +00:00 FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
9.8
Critical
CVE-2019-16335 2019-09-15 19h45 +00:00 A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.
9.8
Critical
CVE-2019-14540 2019-09-15 19h45 +00:00 A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
9.8
Critical
CVE-2019-14439 2019-07-30 08h49 +00:00 A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.
7.5
High
CVE-2018-11307 2019-07-09 13h37 +00:00 An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6.
9.8
Critical
CVE-2018-1320 2019-01-07 17h00 +00:00 Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the validation incomplete.
7.5
High
CVE-2018-14718 2019-01-02 17h00 +00:00 FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
9.8
Critical
CVE-2018-14719 2019-01-02 17h00 +00:00 FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.
9.8
Critical
CVE-2018-1000873 2018-12-20 16h00 +00:00 Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8.
6.5
Medium