CVE-2019-12086
published 2019-05-17CVE-2019-12086: A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific…
PriorityP359high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
21.95%
97.3th percentile
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | jackson-databind | < jackson-databind 2.9.8-2 (bookworm) | jackson-databind 2.9.8-2 (bookworm) |
| fasterxml | jackson-databind | >= 0 < 2.9.8-2 | 2.9.8-2 |
| fasterxml | jackson-databind | >= 0 < 2.9.8-2 | 2.9.8-2 |
| fasterxml | jackson-databind | >= 0 < 2.9.8-2 | 2.9.8-2 |
| fasterxml | jackson-databind | >= 0 < 2.9.8-2 | 2.9.8-2 |
| fasterxml | jackson-databind | >= 0 < 2.4.2-3ubuntu0.1~esm2 | 2.4.2-3ubuntu0.1~esm2 |
| fasterxml | jackson-databind | >= 2.0.0 < 2.6.7.3 | 2.6.7.3 |
| fasterxml | jackson-databind | >= 2.7.0 < 2.7.9.6 | 2.7.9.6 |
| fasterxml | jackson-databind | >= 2.8.0 < 2.8.11.4 | 2.8.11.4 |
| fasterxml | jackson-databind | >= 2.9.0 < 2.9.9 | 2.9.9 |
| redhat | jboss_enterprise_application_platform | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
ghsa9.8CRITICAL
osv9.8CRITICAL
vendor_oracle9.8HIGH
vendor_redhat9.8CRITICAL
vendor_ubuntu9.8CRITICAL
vendor_debian7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Deserialization of Untrusted Data in org.codehaus.jackson:jackson-mapper-asl
ghsa·2022-05-24·CVSS 9.8
CVE-2019-10202 [CRITICAL] CWE-502 Deserialization of Untrusted Data in org.codehaus.jackson:jackson-mapper-asl
Deserialization of Untrusted Data in org.codehaus.jackson:jackson-mapper-asl
A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist approach that will mitigate these vulnerabilities and future ones alike.
OSV
Deserialization of Untrusted Data in org.codehaus.jackson:jackson-mapper-asl
osv·2022-05-24·CVSS 9.8
CVE-2019-10202 [CRITICAL] Deserialization of Untrusted Data in org.codehaus.jackson:jackson-mapper-asl
Deserialization of Untrusted Data in org.codehaus.jackson:jackson-mapper-asl
A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist approach that will mitigate these vulnerabilities and future ones alike.
OSV
jackson-databind vulnerabilities
osv·2021-03-15·CVSS 9.8
CVE-2018-11307 [CRITICAL] jackson-databind vulnerabilities
jackson-databind vulnerabilities
It was discovered that Jackson Databind incorrectly handled
deserialization. An attacker could possibly use this issue to obtain
sensitive information. (CVE-2018-11307, CVE-2019-12086, CVE-2019-12814)
It was discovered that Jackson Databind incorrectly handled
deserialization. An attacker could possibly use this issue to execute
arbitrary code or other unspecified impact. (CVE-2018-12022,
CVE-2018-12023, CVE-2018-14718, CVE-2018-14719, CVE-2018-19360,
CVE-2018-19361, CVE-2018-19362, CVE-2019-12384, CVE-2019-14379,
CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
CVE-2019-16943, CVE-2019-17267, CVE-2019-17531, CVE-2019-20330,
CVE-2020-10672, CVE-2020-10673, CVE-2020-10968, CVE-2020-10969,
CVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2
OSV
Information exposure in FasterXML jackson-databind
osv·2019-05-23
CVE-2019-12086 [HIGH] Information exposure in FasterXML jackson-databind
Information exposure in FasterXML jackson-databind
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.
GHSA
Information exposure in FasterXML jackson-databind
ghsa·2019-05-23
CVE-2019-12086 [HIGH] CWE-502 Information exposure in FasterXML jackson-databind
Information exposure in FasterXML jackson-databind
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.
OSV
CVE-2019-12086: A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2
osv·2019-05-17·CVSS 7.5
CVE-2019-12086 [HIGH] CVE-2019-12086: A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.
Oracle
Oracle Oracle GoldenGate Risk Matrix: Internal Framework (jackson-databind) — CVE-2019-12086
vendor_oracle·2022-04-15·CVSS 7.5
CVE-2019-12086 [HIGH] Oracle Oracle GoldenGate Risk Matrix: Internal Framework (jackson-databind) — CVE-2019-12086
Oracle Oracle GoldenGate Risk Matrix: Internal Framework (jackson-databind) vulnerability
CVE: CVE-2019-12086
CVSS: 7.5
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpuapr2022 (APR 2022)
Ubuntu
Jackson Databind vulnerabilities
vendor_ubuntu·2021-03-15·CVSS 9.8
CVE-2019-14540 [CRITICAL] Jackson Databind vulnerabilities
Title: Jackson Databind vulnerabilities
Summary: Several security issues were fixed in Jackson Databind.
It was discovered that Jackson Databind incorrectly handled
deserialization. An attacker could possibly use this issue to obtain
sensitive information. (CVE-2018-11307, CVE-2019-12086, CVE-2019-12814)
It was discovered that Jackson Databind incorrectly handled
deserialization. An attacker could possibly use this issue to execute
arbitrary code or other unspecified impact. (CVE-2018-12022,
CVE-2018-12023, CVE-2018-14718, CVE-2018-14719, CVE-2018-19360,
CVE-2018-19361, CVE-2018-19362, CVE-2019-12384, CVE-2019-14379,
CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
CVE-2019-16943, CVE-2019-17267, CVE-2019-17531, CVE-2019-20330,
CVE-2020-10672, CVE-2020-10673, CVE-2020-109
Oracle
Oracle Oracle Retail Applications Risk Matrix: Segment (jackson-databind) — CVE-2019-12086
vendor_oracle·2020-07-15·CVSS 9.8
CVE-2019-12086 [HIGH] Oracle Oracle Retail Applications Risk Matrix: Segment (jackson-databind) — CVE-2019-12086
Oracle Oracle Retail Applications Risk Matrix: Segment (jackson-databind) vulnerability
CVE: CVE-2019-12086
CVSS: 9.8
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpujul2020 (JUL 2020)
Oracle
Oracle Oracle JD Edwards Risk Matrix: E1 IOT Orchestrator Security (jackson-databind) — CVE-2019-12086
vendor_oracle·2020-01-15·CVSS 7.5
CVE-2019-12086 [HIGH] Oracle Oracle JD Edwards Risk Matrix: E1 IOT Orchestrator Security (jackson-databind) — CVE-2019-12086
Oracle Oracle JD Edwards Risk Matrix: E1 IOT Orchestrator Security (jackson-databind) vulnerability
CVE: CVE-2019-12086
CVSS: 7.5
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpujan2020 (JAN 2020)
Red Hat
codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities
vendor_redhat·2019-09-30·CVSS 9.8
CVE-2019-10202 [CRITICAL] CWE-502 codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities
codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities
A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist approach that will mitigate these vulnerabilities and future ones alike.
Package: codehaus (Red Hat BPM Suite 6) - Out of support scope
Package: codehaus (Red Hat Decision Manager 7) - Not affected
Package: codehaus (Red Hat JBoss A-MQ 6) - Out of support scope
Package: codehaus (Red Hat JBoss BRMS 5) - Out of support scope
Package: codehaus (Red Hat JBoss BRMS 6) - Out of support scope
Package: codehaus
Red Hat
jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
vendor_redhat·2019-05-14·CVSS 7.5
CVE-2019-12086 [HIGH] CWE-502 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the mysql gadget w
Debian
CVE-2019-12086: jackson-databind - A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x befo...
vendor_debian·2019·CVSS 7.5
CVE-2019-12086 [HIGH] CVE-2019-12086: jackson-databind - A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x befo...
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.
Scope: local
bookworm: resolved (fixed in 2.9.8-2)
bullseye: resolved (fixed in 2.9.8-2)
forky: resolved (fixed in 2.9.8-2)
sid: resolved (fixed in 2.9.8-2)
trixie: resolved (fixed in 2.9.8-2)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2019-10202 codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities
bugzilla·2019-07-18·CVSS 9.8
CVE-2019-10202 [CRITICAL] CVE-2019-10202 codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities
CVE-2019-10202 codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities
A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist approach that will mitigate these vulnerabilities and future ones alike.
Discussion:
This vulnerability is out of security support scope for the following products:
* Red Hat JBoss BPM Suite 6
* Red Hat JBoss BRMS 6
* Red Hat Enterprise Application Platform 5
* Red Hat Enterprise Application Platform 6
* Red Hat JBoss SOA Platform 5
* Red Hat JBoss Fuse Service Works 6
* Red Hat JBoss Fuse 6
*
Bugzilla
CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. [fedora-all]
bugzilla·2019-05-23·CVSS 7.5
CVE-2019-12086 [HIGH] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. [fedora-all]
CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Bugzilla
CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
bugzilla·2019-05-23·CVSS 7.5
CVE-2019-12086 [HIGH] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.
Upstream patch:
https://github.com/FasterXML/jackson-databind/commit/dda513bd7251b4f32b7b60b1c13740e3b5a43024
Upstream issue:
http
http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/http://www.securityfocus.com/bid/109227https://access.redhat.com/errata/RHSA-2019:2858https://access.redhat.com/errata/RHSA-2019:2935https://access.redhat.com/errata/RHSA-2019:2936https://access.redhat.com/errata/RHSA-2019:2937https://access.redhat.com/errata/RHSA-2019:2938https://access.redhat.com/errata/RHSA-2019:2998https://access.redhat.com/errata/RHSA-2019:3044https://access.redhat.com/errata/RHSA-2019:3045https://access.redhat.com/errata/RHSA-2019:3046https://access.redhat.com/errata/RHSA-2019:3050https://access.redhat.com/errata/RHSA-2019:3149https://access.redhat.com/errata/RHSA-2019:3200https://github.com/FasterXML/jackson-databind/issues/2326https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592%40%3Ccommits.cassandra.apache.org%3Ehttps://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3Ehttps://lists.apache.org/thread.html/88cd25375805950ae7337e669b0cb0eeda98b9604c1b8d806dccbad2%40%3Creviews.spark.apache.org%3Ehttps://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3Ehttps://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3Ehttps://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3Ehttps://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3Ehttps://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3Ehttps://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3Ehttps://lists.debian.org/debian-lts-announce/2019/05/msg00030.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062https://seclists.org/bugtraq/2019/May/68https://security.netapp.com/advisory/ntap-20190530-0003/https://www.debian.org/security/2019/dsa-4452https://www.oracle.com/security-alerts/cpuApr2021.htmlhttps://www.oracle.com/security-alerts/cpuapr2020.htmlhttps://www.oracle.com/security-alerts/cpuapr2022.htmlhttps://www.oracle.com/security-alerts/cpujan2020.htmlhttps://www.oracle.com/security-alerts/cpujul2020.htmlhttps://www.oracle.com/security-alerts/cpuoct2020.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlhttps://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlhttp://russiansecurity.expert/2016/04/20/mysql-connect-file-read/http://www.securityfocus.com/bid/109227https://access.redhat.com/errata/RHSA-2019:2858https://access.redhat.com/errata/RHSA-2019:2935https://access.redhat.com/errata/RHSA-2019:2936https://access.redhat.com/errata/RHSA-2019:2937https://access.redhat.com/errata/RHSA-2019:2938https://access.redhat.com/errata/RHSA-2019:2998https://access.redhat.com/errata/RHSA-2019:3044https://access.redhat.com/errata/RHSA-2019:3045https://access.redhat.com/errata/RHSA-2019:3046https://access.redhat.com/errata/RHSA-2019:3050https://access.redhat.com/errata/RHSA-2019:3149https://access.redhat.com/errata/RHSA-2019:3200https://github.com/FasterXML/jackson-databind/issues/2326https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592%40%3Ccommits.cassandra.apache.org%3Ehttps://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3Ehttps://lists.apache.org/thread.html/88cd25375805950ae7337e669b0cb0eeda98b9604c1b8d806dccbad2%40%3Creviews.spark.apache.org%3Ehttps://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3Ehttps://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3Ehttps://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3Ehttps://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3Ehttps://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3Ehttps://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3Ehttps://lists.debian.org/debian-lts-announce/2019/05/msg00030.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062https://seclists.org/bugtraq/2019/May/68https://security.netapp.com/advisory/ntap-20190530-0003/https://www.debian.org/security/2019/dsa-4452https://www.oracle.com/security-alerts/cpuApr2021.htmlhttps://www.oracle.com/security-alerts/cpuapr2020.htmlhttps://www.oracle.com/security-alerts/cpuapr2022.htmlhttps://www.oracle.com/security-alerts/cpujan2020.htmlhttps://www.oracle.com/security-alerts/cpujul2020.htmlhttps://www.oracle.com/security-alerts/cpuoct2020.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlhttps://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
2019-05-17
Published