Oracle Global_lifecycle_management_opatch

25 CVEs affecting Oracle Global_lifecycle_management_opatch. Latest disclosed: 2022-03-11. Critical: 10, High: 12.

Top CVEs affecting Oracle Global_lifecycle_management_opatch
CVESeverityScorePublishedSummary
CVE-2020-9548Critical9.82020-03-02FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPC…
CVE-2020-9547Critical9.82020-03-02FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transac…
CVE-2020-9546Critical9.82020-03-02FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zax…
CVE-2020-8840Critical9.82020-02-10FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.
CVE-2019-20330Critical9.82020-01-03FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
CVE-2019-16335Critical9.82019-09-15A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different…
CVE-2019-14540Critical9.82019-09-15A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
CVE-2018-11307Critical9.82019-07-09An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltrat…
CVE-2018-14719Critical9.82019-01-02FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds…
CVE-2018-14718Critical9.82019-01-02FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from poly…
CVE-2020-11113High8.82020-03-31FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistr…
CVE-2020-11112High8.82020-03-31FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provide…
CVE-2020-11111High8.82020-03-31FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activ…
CVE-2020-10969High8.82020-03-26FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.
CVE-2020-10968High8.82020-03-26FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remo…
CVE-2020-10673High8.82020-03-18FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.Resource…
CVE-2020-10672High8.82020-03-18FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms…
CVE-2020-11620High8.12020-04-07FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Em…
CVE-2020-11619High8.12020-04-07FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.M…
CVE-2020-36518High7.52022-03-11jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.