Oracle Global Lifecycle Management Opatch — known CVE vulnerabilities
Every CVE whose affected-product data names Oracle Global Lifecycle Management Opatch, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (25)
CVE-2020-9547 — CVSS 9.8 (critical): FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-9548 — CVSS 9.8 (critical): FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2018-14718 — CVSS 9.8 (critical): FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the…
CVE-2018-14719 — CVSS 9.8 (critical): FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the…
CVE-2019-14540 — CVSS 9.8 (critical): A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
CVE-2019-16335 — CVSS 9.8 (critical): A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource…
CVE-2018-11307 — CVSS 9.8 (critical): An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from…
CVE-2020-8840 — CVSS 9.8 (critical): FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyedi…
CVE-2020-9546 — CVSS 9.8 (critical): FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-10672 — CVSS 8.8 (high): FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-10673 — CVSS 8.8 (high): FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-10968 — CVSS 8.8 (high): FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-10969 — CVSS 8.8 (high): FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-11111 — CVSS 8.8 (high): FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-11112 — CVSS 8.8 (high): FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-11113 — CVSS 8.8 (high): FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-11619 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-11620 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2019-14439 — CVSS 7.5 (high): A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled…
CVE-2020-36518 — CVSS 7.5 (high): jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
CVE-2018-1320 — CVSS 7.5 (high): Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the…
CVE-2022-23437 — CVSS 6.5 (medium): There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This…
CVE-2019-3740 — CVSS 6.5 (medium): RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA…
CVE-2018-1000873 — CVSS 6.5 (medium): Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result…