The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Base SAS Software

computer vulnerability announcement CVE-2019-12814

jackson-databind: file reading via Polymorphic Typing JSON Message

Synthesis of the vulnerability

A local attacker can read a file via a Polymorphic Typing JSON message processed by jackson-databind, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 24/06/2019.
Identifiers: CVE-2019-12814, DLA-1831-1, FEDORA-2019-ae6a703b8f, FEDORA-2019-fb23eccc03, RHSA-2019:2935-01, RHSA-2019:2936-01, RHSA-2019:2937-01, RHSA-2019:2938-01, RHSA-2019:3044-01, RHSA-2019:3045-01, RHSA-2019:3046-01, RHSA-2019:3050-01, VIGILANCE-VUL-29605.

computer weakness note CVE-2019-12384

jackson-databind: file reading via Polymorphic Typing JSON Message

Synthesis of the vulnerability

A local attacker can read a file via a Polymorphic Typing JSON message processed by jackson-databind, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 24/06/2019.
Identifiers: CVE-2019-12384, DLA-1831-1, DSA-4542-1, FEDORA-2019-ae6a703b8f, FEDORA-2019-fb23eccc03, NTAP-20190703-0002, RHSA-2019:1820-01, RHSA-2019:2720-01, RHSA-2019:2935-01, RHSA-2019:2936-01, RHSA-2019:2937-01, RHSA-2019:2938-01, VIGILANCE-VUL-29604.

computer weakness note CVE-2019-5427

c3p0: denial of service via the XML configuration

Synthesis of the vulnerability

An attacker can trigger a fatal error during c3p0's processing of its XML configuration, in order to cause a denial of service.
Severity: 1/4.
Creation date: 29/05/2019.
Identifiers: 5048, CVE-2019-5427, FEDORA-2019-063672154a, FEDORA-2019-cb14e234fc, VIGILANCE-VUL-29428.

threat bulletin CVE-2019-12086

jackson-databind: file reading

Synthesis of the vulnerability

An attacker can read a file from a client using jackson-databind, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 21/05/2019.
Identifiers: 5048, cpujul2019, cpuoct2019, CVE-2019-12086, DLA-1798-1, DSA-4452-1, FEDORA-2019-ae6a703b8f, FEDORA-2019-fb23eccc03, RHSA-2019:2935-01, RHSA-2019:2936-01, RHSA-2019:2937-01, RHSA-2019:2938-01, RHSA-2019:3044-01, RHSA-2019:3045-01, RHSA-2019:3046-01, RHSA-2019:3050-01, VIGILANCE-VUL-29375.

cybersecurity announcement CVE-2018-11307

jackson-databind: information disclosure via Default Typing

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Default Typing of jackson-databind, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 04/03/2019.
Identifiers: cpujan2019, cpujul2019, CVE-2018-11307, DLA-1703-1, DSA-4452-1, RHSA-2019:0782-01, RHSA-2019:1106-01, RHSA-2019:1107-01, RHSA-2019:1108-01, RHSA-2019:1140-01, VIGILANCE-VUL-28642.

computer threat alert CVE-2018-12023

jackson-databind: code execution via Oracle JDBC Driver Deserialization

Synthesis of the vulnerability

An attacker can exploit a vulnerability in jackson-databind via Oracle JDBC Driver deserialization, in order to run code.
Severity: 3/4.
Creation date: 19/02/2019.
Identifiers: 5048, cpujan2019, cpujul2019, CVE-2018-12023, DLA-1703-1, DSA-4452-1, FEDORA-2019-df57551f6d, RHSA-2019:0782-01, RHSA-2019:1106-01, RHSA-2019:1107-01, RHSA-2019:1108-01, RHSA-2019:1140-01, VIGILANCE-VUL-28553.

cybersecurity bulletin CVE-2018-1000873

jackson-datatype-jsr310: denial of service via Input Validation

Synthesis of the vulnerability

An attacker can trigger a fatal error via input validation in jackson-datatype-jsr310, in order to cause a denial of service.
Severity: 2/4.
Creation date: 19/02/2019.
Identifiers: cpuoct2019, CVE-2018-1000873, FEDORA-2019-df57551f6d, VIGILANCE-VUL-28552.

computer vulnerability announcement CVE-2018-14719

jackson-databind: code execution via blaze-ds-opt

Synthesis of the vulnerability

An attacker can exploit a vulnerability in jackson-databind via blaze-ds-opt, in order to run code.
Severity: 3/4.
Creation date: 19/02/2019.
Identifiers: 5048, cpuapr2019, cpujan2019, cpuoct2019, CVE-2018-14719, DLA-1703-1, DSA-4452-1, FEDORA-2019-df57551f6d, RHSA-2019:0782-01, VIGILANCE-VUL-28549.

computer weakness note CVE-2018-14720

jackson-databind: external XML entity injection via JDK Classes

Synthesis of the vulnerability

An attacker can transmit malicious XML data via JDK Classes to jackson-databind, in order to read a file, scan sites, or trigger a denial of service.
Severity: 2/4.
Creation date: 19/02/2019.
Identifiers: 5048, cpuapr2019, cpujan2019, cpuoct2019, CVE-2018-14720, DLA-1703-1, DSA-4452-1, FEDORA-2019-df57551f6d, RHSA-2019:0782-01, RHSA-2019:1106-01, RHSA-2019:1107-01, RHSA-2019:1108-01, RHSA-2019:1140-01, VIGILANCE-VUL-28548.

computer vulnerability note CVE-2018-19360

jackson-databind: code execution via Axis2-transport-jms Deserialization

Synthesis of the vulnerability

An attacker can exploit a vulnerability in jackson-databind via Axis2-transport-jms deserialization, in order to run code.
Severity: 3/4.
Creation date: 19/02/2019.
Identifiers: 5048, cpuapr2019, cpujul2019, cpuoct2019, CVE-2018-19360, DLA-1703-1, DSA-4452-1, FEDORA-2019-df57551f6d, RHSA-2019:0782-01, VIGILANCE-VUL-28546.