Oracle Clusterware vulnerabilities

5 known vulnerabilities affecting oracle/clusterware.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2019-2860MEDIUMCVSS 5.6v12.1.0.2.02019-07-23
CVE-2019-2860 [MEDIUM] CVE-2019-2860: Vulnerability in the Oracle Clusterware component of Oracle Support Tools (subcomponent: Trace File Vulnerability in the Oracle Clusterware component of Oracle Support Tools (subcomponent: Trace File Analyzer (TFA) Collector). The supported version that is affected is 12.1.0.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Clusterware. Successful attacks of this vulnerabil
nvd
CVE-2018-11307CRITICALCVSS 9.8v12.1.0.2.02019-07-09
CVE-2018-11307 [CRITICAL] CWE-502 CVE-2018-11307: An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default ty An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6.
nvd
CVE-2018-14719CRITICALCVSS 9.8v12.1.0.2.02019-01-02
CVE-2018-14719 [CRITICAL] CWE-502 CVE-2018-14719: FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code b FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.
nvd
CVE-2018-1000873MEDIUMCVSS 6.5v12.1.0.2.02018-12-20
CVE-2018-1000873 [MEDIUM] CWE-20 CVE-2018-1000873: Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerabilit
nvd
CVE-2017-15095CRITICALCVSS 9.8v12.1.0.2.02018-02-06
CVE-2017-15095 [CRITICAL] CWE-184 CVE-2017-15095: A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, w A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be us
nvd