The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Oracle Communications

vulnerability CVE-2018-17197

Apache Tika: infinite loop via SQLite3Parser

Synthesis of the vulnerability

An attacker can trigger an infinite loop via SQLite3Parser of Apache Tika, in order to trigger a denial of service.
Impacted products: Oracle Communications, WebLogic.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 17/07/2019.
Identifiers: cpujul2019, CVE-2018-17197, VIGILANCE-VUL-29790.

Description of the vulnerability

An attacker can trigger an infinite loop via SQLite3Parser of Apache Tika, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2019-12086

jackson-databind: file reading

Synthesis of the vulnerability

An attacker can read a file from a client using jackson-databind, in order to obtain sensitive information.
Impacted products: Debian, Oracle Communications, WebLogic.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet server.
Creation date: 21/05/2019.
Identifiers: 5048, cpujul2019, CVE-2019-12086, DLA-1798-1, DSA-4452-1, VIGILANCE-VUL-29375.

Description of the vulnerability

An attacker can read a file from a client using jackson-databind, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2018-16864 CVE-2018-16865

systemd: memory corruption via alloca

Synthesis of the vulnerability

An attacker can trigger a memory corruption via alloca() of systemd, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, McAfee Web Gateway, openSUSE Leap, Oracle Communications, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on service.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 10/01/2019.
Revision date: 10/05/2019.
Identifiers: cpuapr2019, CVE-2018-16864, CVE-2018-16865, DLA-1639-1, DSA-4367-1, DSA-4367-2, openSUSE-SU-2019:0097-1, openSUSE-SU-2019:0098-1, RHSA-2019:0049-01, RHSA-2019:0204-01, RHSA-2019:2402-01, SB10276, SUSE-SU-2019:0053-1, SUSE-SU-2019:0054-1, SUSE-SU-2019:0054-2, SUSE-SU-2019:0135-1, SUSE-SU-2019:0137-1, USN-3855-1, VIGILANCE-VUL-28232.

Description of the vulnerability

An attacker can trigger a memory corruption via alloca() of systemd, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2019-11358

jQuery Core: privilege escalation via Object.prototype Pollution

Synthesis of the vulnerability

An attacker can bypass restrictions via Object.prototype Pollution of jQuery Core, in order to escalate his privileges.
Impacted products: Debian, Drupal Core, eZ Platform, Fedora, jQuery Core, openSUSE Leap, Oracle Communications, WebLogic, RabbitMQ, Red Hat SSO, SLES, Synology DSM, Telerik.Web.UI.
Severity: 2/4.
Consequences: user access/rights, data reading.
Provenance: document.
Creation date: 11/04/2019.
Identifiers: cpujul2019, CVE-2019-11358, DLA-1797-1, DRUPAL-SA-CORE-2019-005, DRUPAL-SA-CORE-2019-006, DSA-4460-1, EZSA-2019-005, FEDORA-2019-2a0ce0c58c, FEDORA-2019-a06dffab1c, FEDORA-2019-f563e66380, openSUSE-SU-2019:1839-1, openSUSE-SU-2019:1872-1, RHSA-2019:1456-01, Synology-SA-19:19, VIGILANCE-VUL-29030.

Description of the vulnerability

An attacker can bypass restrictions via Object.prototype Pollution of jQuery Core, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2018-11307

jackson-databind: information disclosure via Default Typing

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Default Typing of jackson-databind, in order to obtain sensitive information.
Impacted products: Debian, Oracle Communications, WebLogic, RHEL, JBoss EAP by Red Hat, Red Hat SSO.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 04/03/2019.
Identifiers: cpujan2019, cpujul2019, CVE-2018-11307, DLA-1703-1, DSA-4452-1, RHSA-2019:0782-01, RHSA-2019:1106-01, RHSA-2019:1107-01, RHSA-2019:1108-01, RHSA-2019:1140-01, VIGILANCE-VUL-28642.

Description of the vulnerability

An attacker can bypass access restrictions to data via Default Typing of jackson-databind, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2018-14720

jackson-databind: external XML entity injection via JDK Classes

Synthesis of the vulnerability

An attacker can transmit malicious XML data via JDK Classes to jackson-databind, in order to read a file, scan sites, or trigger a denial of service.
Impacted products: Debian, Fedora, Oracle Communications, Oracle Fusion Middleware, Tuxedo, WebLogic, RHEL, JBoss EAP by Red Hat, Red Hat SSO.
Severity: 2/4.
Consequences: data reading, denial of service on service.
Provenance: document.
Creation date: 19/02/2019.
Identifiers: 5048, cpuapr2019, cpujan2019, CVE-2018-14720, DLA-1703-1, DSA-4452-1, FEDORA-2019-df57551f6d, RHSA-2019:0782-01, RHSA-2019:1106-01, RHSA-2019:1107-01, RHSA-2019:1108-01, RHSA-2019:1140-01, VIGILANCE-VUL-28548.

Description of the vulnerability

An attacker can transmit malicious XML data via JDK Classes to jackson-databind, in order to read a file, scan sites, or trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2018-14721

jackson-databind: information disclosure via axis2-jaxws SSRF

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via axis2-jaxws SSRF of jackson-databind, in order to obtain sensitive information.
Impacted products: Debian, Fedora, Oracle Communications, Oracle Fusion Middleware, Tuxedo, WebLogic, RHEL, JBoss EAP by Red Hat, Red Hat SSO.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 19/02/2019.
Identifiers: 5048, cpuapr2019, cpujan2019, CVE-2018-14721, DLA-1703-1, DSA-4452-1, FEDORA-2019-df57551f6d, RHSA-2019:0782-01, RHSA-2019:1106-01, RHSA-2019:1107-01, RHSA-2019:1108-01, RHSA-2019:1140-01, VIGILANCE-VUL-28547.

Description of the vulnerability

An attacker can bypass access restrictions to data via axis2-jaxws SSRF of jackson-databind, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2019-3823

libcurl: out-of-bounds memory reading via SMTP End-of-Response

Synthesis of the vulnerability

An attacker can force a read at an invalid address via SMTP End-of-Response of libcurl, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: curl, Debian, Fedora, MariaDB ~ precise, MySQL Community, MySQL Enterprise, openSUSE Leap, Oracle Communications, Oracle Fusion Middleware, Solaris, Tuxedo, WebLogic, Percona Server, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: internet server.
Creation date: 06/02/2019.
Identifiers: bulletinjan2019, cpuapr2019, cpujul2019, CVE-2019-3823, DLA-1672-1, DSA-4386-1, FEDORA-2019-43489941ff, openSUSE-SU-2019:0173-1, openSUSE-SU-2019:0174-1, SSA:2019-037-01, SUSE-SU-2019:0248-1, SUSE-SU-2019:0249-1, SUSE-SU-2019:0249-2, SUSE-SU-2019:0339-1, USN-3882-1, VIGILANCE-VUL-28445.

Description of the vulnerability

An attacker can force a read at an invalid address via SMTP End-of-Response of libcurl, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2018-16890

libcurl: out-of-bounds memory reading via NTLM Type-2

Synthesis of the vulnerability

An attacker can force a read at an invalid address via NTLM Type-2 of libcurl, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: SDS, SES, SNS, curl, Debian, Fedora, MariaDB ~ precise, MySQL Community, MySQL Enterprise, openSUSE Leap, Oracle Communications, Oracle Fusion Middleware, Solaris, Tuxedo, WebLogic, Percona Server, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: internet server.
Creation date: 06/02/2019.
Identifiers: bulletinjan2019, cpuapr2019, cpujul2019, CVE-2018-16890, DLA-1672-1, DSA-4386-1, FEDORA-2019-43489941ff, openSUSE-SU-2019:0173-1, openSUSE-SU-2019:0174-1, SSA:2019-037-01, STORM-2019-002, SUSE-SU-2019:0248-1, SUSE-SU-2019:0249-1, SUSE-SU-2019:0249-2, SUSE-SU-2019:0339-1, USN-3882-1, VIGILANCE-VUL-28443.

Description of the vulnerability

An attacker can force a read at an invalid address via NTLM Type-2 of libcurl, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2018-9206

jQuery File Upload: file upload

Synthesis of the vulnerability

An attacker can upload a malicious file on jQuery File Upload, in order for example to upload a Trojan.
Impacted products: Joomla Extensions ~ not comprehensive, Oracle Communications.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights.
Provenance: internet client.
Creation date: 06/12/2018.
Identifiers: cpujan2019, CVE-2018-9206, VIGILANCE-VUL-27971.

Description of the vulnerability

An attacker can upload a malicious file on jQuery File Upload, in order for example to upload a Trojan.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Oracle Communications: