CVEs (25)
| CVE | VENDORS | PRODUCTS | UPDATED | PUBLISHED | CVSS | DESCRIPTION |
|---|---|---|---|---|---|---|
| | 3: Fasterxml, Oracle, Redhat | 7: Clusterware, Communications Instant Messaging Server, Global Lifecycle Management Opatch, +4 more | Nov 21, 2024 | Jul 9, 2019 | v4: N/A; v3: 9.8 CRITICAL; v2: 7.5 HIGH | An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6. |
| | 4: Apache, Debian, F5, +1 more | 5: Debian Linux, Global Lifecycle Management Opatch, Nosql Database, +2 more | Nov 21, 2024 | Jan 7, 2019 | v4: N/A; v3: 7.5 HIGH; v2: 5.0 MEDIUM | Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake... |
| | 5: Debian, Fasterxml, Netapp, +2 more | 20: Banking Platform, Business Process Management Suite, Clusterware, +17 more | Nov 21, 2024 | Jan 2, 2019 | v4: N/A; v3: 9.8 CRITICAL; v2: 7.5 HIGH | FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization. |
| | 5: Debian, Fasterxml, Netapp, +2 more | 25: Banking Platform, Business Process Management Suite, Communications Billing And Revenue Management, +22 more | Nov 21, 2024 | Jan 2, 2019 | v4: N/A; v3: 9.8 CRITICAL; v2: 7.5 HIGH | FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization. |
| | 3: Fasterxml, Netapp, Oracle | 6: Active Iq Unified Manager, Clusterware, Database Server, +3 more | Nov 21, 2024 | Dec 20, 2018 | v4: N/A; v3: 6.5 MEDIUM; v2: 4.3 MEDIUM | FasterXML Jackson versions before 2.9.8 contain a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in a denial of service (DoS). This attack appears to be exploitable via the... |