|
2018-02-26
|
CVE-2018-7489 |
FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath. |
Debian_linux,
Jackson\-Databind,
Communications_billing_and_revenue_management,
Communications_instant_messaging_server,
Jboss_enterprise_application_platform
|
9.8
|
|
|
2019-01-02
|
CVE-2018-14718 |
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization. |
Debian_linux,
Jackson\-Databind,
Banking_platform,
Communications_billing_and_revenue_management,
Enterprise_manager_for_virtualization,
Financial_services_analytical_applications_infrastructure,
Jdeveloper,
Primavera_unifier,
Retail_merchandising_system,
Webcenter_portal
|
9.8
|
|
|
|
2016-04-08
|
CVE-2016-2381 |
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp. |
Ubuntu_linux,
Debian_linux,
Opensuse,
Communications_billing_and_revenue_management,
Configuration_manager,
Database_server,
Enterprise_manager_base_platform,
Solaris,
Timesten_in\-Memory_database,
Perl
|
N/A
|
|
|
2019-01-02
|
CVE-2018-14721 |
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization. |
Debian_linux,
Jackson\-Databind,
Banking_platform,
Communications_billing_and_revenue_management,
Enterprise_manager_for_virtualization,
Financial_services_analytical_applications_infrastructure,
Jdeveloper,
Primavera_unifier,
Retail_merchandising_system,
Webcenter_portal,
Jboss_enterprise_application_platform,
Openshift_container_platform
|
10.0
|
|
|
|
2019-01-02
|
CVE-2018-14720 |
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization. |
Debian_linux,
Jackson\-Databind,
Banking_platform,
Communications_billing_and_revenue_management,
Enterprise_manager_for_virtualization,
Financial_services_analytical_applications_infrastructure,
Jdeveloper,
Primavera_unifier,
Retail_merchandising_system,
Webcenter_portal,
Jboss_enterprise_application_platform,
Openshift_container_platform
|
9.8
|
|
|
|
2019-01-02
|
CVE-2018-14719 |
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization. |
Debian_linux,
Jackson\-Databind,
Banking_platform,
Communications_billing_and_revenue_management,
Enterprise_manager_for_virtualization,
Financial_services_analytical_applications_infrastructure,
Jdeveloper,
Primavera_unifier,
Retail_merchandising_system,
Webcenter_portal,
Openshift_container_platform
|
9.8
|
|
|
|
2019-01-02
|
CVE-2018-14719 |
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization. |
Debian_linux,
Jackson\-Databind,
Banking_platform,
Communications_billing_and_revenue_management,
Enterprise_manager_for_virtualization,
Financial_services_analytical_applications_infrastructure,
Jdeveloper,
Primavera_unifier,
Retail_merchandising_system,
Webcenter_portal
|
9.8
|
|
|
|
2019-01-02
|
CVE-2018-14718 |
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization. |
Debian_linux,
Jackson\-Databind,
Banking_platform,
Communications_billing_and_revenue_management,
Enterprise_manager_for_virtualization,
Financial_services_analytical_applications_infrastructure,
Jdeveloper,
Primavera_unifier,
Retail_merchandising_system,
Webcenter_portal
|
9.8
|
|
|