Oracle Global Lifecycle Management Opatch vulnerabilities
25 known vulnerabilities affecting oracle/global_lifecycle_management_opatch.
Total CVEs: 25
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 10, HIGH 12, MEDIUM 3
Vulnerabilities
Page 2 of 2
CVE-2018-11307 | CRITICAL | CVSS 9.8 | CWE-502 | fixed in 11.2.0.3.23 | ≥ 12.2.0.1.0, < 12.2.0.1.19 | +1 more | 2019-07-09
An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6.
nvd
CVE-2018-1320 | HIGH | CVSS 7.5 | CWE-295 | fixed in 11.2.0.3.23 | ≥ 12.2.0.1.0, < 12.2.0.1.19 | +1 more | 2019-01-07
Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the validation incomplete.
nvd
CVE-2018-14718 | CRITICAL | CVSS 9.8 | CWE-502 | fixed in 11.2.0.3.23 | ≥ 12.2.0.1.0, < 12.2.0.1.19 | +1 more | 2019-01-02
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
nvd
CVE-2018-14719 | CRITICAL | CVSS 9.8 | CWE-502 | fixed in 11.2.0.3.23 | ≥ 12.2.0.1.0, < 12.2.0.1.19 | +1 more | 2019-01-02
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.
nvd
CVE-2018-1000873 | MEDIUM | CVSS 6.5 | CWE-20 | fixed in 11.2.0.3.23 | ≥ 12.2.0.1.0, < 12.2.0.1.19 | +1 more | 2018-12-20
FasterXML Jackson before version 2.9.8 contains a CWE-20 (Improper Input Validation) vulnerability in Jackson-Modules-Java8 that can result in a denial of service (DoS). The attack appears to be exploitable when the victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerabilit
nvd