The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Oracle Communications

security vulnerability CVE-2018-17197

Apache Tika: infinite loop via SQLite3Parser

Synthesis of the vulnerability

An attacker can trigger an infinite loop via SQLite3Parser of Apache Tika, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 17/07/2019.
Identifiers: cpujul2019, CVE-2018-17197, VIGILANCE-VUL-29790.

threat bulletin CVE-2019-12086

jackson-databind: file reading

Synthesis of the vulnerability

An attacker can read a file from a client using jackson-databind, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 21/05/2019.
Identifiers: 5048, cpujul2019, cpuoct2019, CVE-2019-12086, DLA-1798-1, DSA-4452-1, FEDORA-2019-ae6a703b8f, FEDORA-2019-fb23eccc03, RHSA-2019:2935-01, RHSA-2019:2936-01, RHSA-2019:2937-01, RHSA-2019:2938-01, RHSA-2019:3044-01, RHSA-2019:3045-01, RHSA-2019:3046-01, RHSA-2019:3050-01, VIGILANCE-VUL-29375.

computer threat note CVE-2018-16864 CVE-2018-16865

systemd: memory corruption via alloca

Synthesis of the vulnerability

An attacker can trigger a memory corruption via alloca() of systemd, in order to trigger a denial of service, and possibly to run code.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 10/01/2019.
Revision date: 10/05/2019.
Identifiers: cpuapr2019, CVE-2018-16864, CVE-2018-16865, DLA-1639-1, DSA-4367-1, DSA-4367-2, openSUSE-SU-2019:0097-1, openSUSE-SU-2019:0098-1, RHSA-2019:0049-01, RHSA-2019:0204-01, RHSA-2019:2402-01, SB10276, SUSE-SU-2019:0053-1, SUSE-SU-2019:0054-1, SUSE-SU-2019:0054-2, SUSE-SU-2019:0135-1, SUSE-SU-2019:0137-1, USN-3855-1, VIGILANCE-VUL-28232.

computer vulnerability note CVE-2019-11358

jQuery Core: privilege escalation via Object.prototype Pollution

Synthesis of the vulnerability

An attacker can bypass restrictions via Object.prototype Pollution of jQuery Core, in order to escalate privileges.
Severity: 2/4.
Creation date: 11/04/2019.
Identifiers: bulletinoct2019, cpujul2019, cpuoct2019, CVE-2019-11358, DLA-1797-1, DRUPAL-SA-CORE-2019-005, DRUPAL-SA-CORE-2019-006, DSA-4460-1, EZSA-2019-005, FEDORA-2019-2a0ce0c58c, FEDORA-2019-a06dffab1c, FEDORA-2019-f563e66380, NTAP-20190919-0001, openSUSE-SU-2019:1839-1, openSUSE-SU-2019:1872-1, RHSA-2019:1456-01, Synology-SA-19:19, VIGILANCE-VUL-29030.

cybersecurity announce CVE-2018-11307

jackson-databind: information disclosure via Default Typing

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Default Typing of jackson-databind, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 04/03/2019.
Identifiers: cpujan2019, cpujul2019, CVE-2018-11307, DLA-1703-1, DSA-4452-1, RHSA-2019:0782-01, RHSA-2019:1106-01, RHSA-2019:1107-01, RHSA-2019:1108-01, RHSA-2019:1140-01, VIGILANCE-VUL-28642.

computer threat alert CVE-2018-12023

jackson-databind: code execution via Oracle JDBC Driver Deserialization

Synthesis of the vulnerability

An attacker can use a vulnerability via Oracle JDBC Driver Deserialization of jackson-databind, in order to run code.
Severity: 3/4.
Creation date: 19/02/2019.
Identifiers: 5048, cpujan2019, cpujul2019, CVE-2018-12023, DLA-1703-1, DSA-4452-1, FEDORA-2019-df57551f6d, RHSA-2019:0782-01, RHSA-2019:1106-01, RHSA-2019:1107-01, RHSA-2019:1108-01, RHSA-2019:1140-01, VIGILANCE-VUL-28553.

computer vulnerability alert CVE-2018-14718

jackson-databind: code execution via slf4j-ext

Synthesis of the vulnerability

An attacker can use a vulnerability via slf4j-ext of jackson-databind, in order to run code.
Severity: 3/4.
Creation date: 19/02/2019.
Identifiers: 5048, cpuapr2019, cpujan2019, CVE-2018-14718, DLA-1703-1, DSA-4452-1, FEDORA-2019-df57551f6d, RHSA-2019:0782-01, VIGILANCE-VUL-28550.

computer vulnerability announce CVE-2018-14719

jackson-databind: code execution via blaze-ds-opt

Synthesis of the vulnerability

An attacker can use a vulnerability via blaze-ds-opt of jackson-databind, in order to run code.
Severity: 3/4.
Creation date: 19/02/2019.
Identifiers: 5048, cpuapr2019, cpujan2019, cpuoct2019, CVE-2018-14719, DLA-1703-1, DSA-4452-1, FEDORA-2019-df57551f6d, RHSA-2019:0782-01, VIGILANCE-VUL-28549.

computer weakness note CVE-2018-14720

jackson-databind: external XML entity injection via JDK Classes

Synthesis of the vulnerability

An attacker can transmit malicious XML data via JDK Classes to jackson-databind, in order to read a file, scan sites, or trigger a denial of service.
Severity: 2/4.
Creation date: 19/02/2019.
Identifiers: 5048, cpuapr2019, cpujan2019, cpuoct2019, CVE-2018-14720, DLA-1703-1, DSA-4452-1, FEDORA-2019-df57551f6d, RHSA-2019:0782-01, RHSA-2019:1106-01, RHSA-2019:1107-01, RHSA-2019:1108-01, RHSA-2019:1140-01, VIGILANCE-VUL-28548.

computer threat CVE-2018-14721

jackson-databind: information disclosure via axis2-jaxws SSRF

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via axis2-jaxws SSRF of jackson-databind, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 19/02/2019.
Identifiers: 5048, cpuapr2019, cpujan2019, cpuoct2019, CVE-2018-14721, DLA-1703-1, DSA-4452-1, FEDORA-2019-df57551f6d, RHSA-2019:0782-01, RHSA-2019:1106-01, RHSA-2019:1107-01, RHSA-2019:1108-01, RHSA-2019:1140-01, VIGILANCE-VUL-28547.