The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Oracle Database

cybersecurity bulletin CVE-2018-1000873

jackson-datatype-jsr310: denial of service via Input Validation

Synthesis of the vulnerability

An attacker can trigger a fatal error via Input Validation of jackson-datatype-jsr310, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 19/02/2019.
Identifiers: cpuoct2019, CVE-2018-1000873, FEDORA-2019-df57551f6d, VIGILANCE-VUL-28552.

computer weakness note CVE-2018-14720

jackson-databind: external XML entity injection via JDK Classes

Synthesis of the vulnerability

An attacker can transmit malicious XML data via JDK Classes to jackson-databind, in order to read a file, scan sites, or trigger a denial of service.
Severity: 2/4.
Creation date: 19/02/2019.
Identifiers: 5048, cpuapr2019, cpujan2019, cpuoct2019, CVE-2018-14720, DLA-1703-1, DSA-4452-1, FEDORA-2019-df57551f6d, RHSA-2019:0782-01, RHSA-2019:1106-01, RHSA-2019:1107-01, RHSA-2019:1108-01, RHSA-2019:1140-01, VIGILANCE-VUL-28548.

computer threat CVE-2018-14721

jackson-databind: information disclosure via axis2-jaxws SSRF

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via axis2-jaxws SSRF of jackson-databind, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 19/02/2019.
Identifiers: 5048, cpuapr2019, cpujan2019, cpuoct2019, CVE-2018-14721, DLA-1703-1, DSA-4452-1, FEDORA-2019-df57551f6d, RHSA-2019:0782-01, RHSA-2019:1106-01, RHSA-2019:1107-01, RHSA-2019:1108-01, RHSA-2019:1140-01, VIGILANCE-VUL-28547.

computer vulnerability alert CVE-2019-2406 CVE-2019-2444 CVE-2019-2547

Oracle Database: vulnerabilities of January 2019

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle products.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 16/01/2019.
Identifiers: CERTFR-2019-AVI-021, cpujan2019, CVE-2019-2406, CVE-2019-2444, CVE-2019-2547, VIGILANCE-VUL-28286.

computer vulnerability bulletin CVE-2018-3259 CVE-2018-3299

Oracle Database: vulnerabilities of October 2018

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle products.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 17/10/2018.
Identifiers: CERTFR-2018-AVI-494, cpuoct2018, CVE-2018-3259, CVE-2018-3299, VIGILANCE-VUL-27504.

computer threat note CVE-2018-11784

Apache Tomcat: open redirect via Directory Redirect

Synthesis of the vulnerability

An attacker can deceive the user via Directory Redirect of Apache Tomcat, in order to redirect them to a malicious site.
Severity: 1/4.
Creation date: 04/10/2018.
Identifiers: bulletinoct2018, cpuapr2019, cpuoct2019, CVE-2018-11784, DLA-1544-1, DLA-1545-1, FEDORA-2018-b18f9dd65b, FEDORA-2018-b89746cb9b, ibm10874888, NTAP-20181014-0002, openSUSE-SU-2018:3453-1, openSUSE-SU-2018:4042-1, openSUSE-SU-2019:0084-1, openSUSE-SU-2019:1547-1, openSUSE-SU-2019:1814-1, RHSA-2019:0130-01, RHSA-2019:0131-01, RHSA-2019:0485-01, RHSA-2019:1529-01, SB10257, SB10264, SUSE-SU-2018:3261-1, SUSE-SU-2018:3388-1, SUSE-SU-2018:3393-1, SUSE-SU-2018:3935-1, SUSE-SU-2018:3968-1, USN-3787-1, VIGILANCE-VUL-27396.

computer vulnerability alert CVE-2018-3110

Oracle Database: code execution via Java VM

Synthesis of the vulnerability

An attacker can use a vulnerability via Java VM of Oracle Database, in order to run code.
Severity: 3/4.
Creation date: 13/08/2018.
Identifiers: CERTFR-2018-AVI-383, CVE-2018-3110, VIGILANCE-VUL-26966.

security alert CVE-2018-8034

Apache Tomcat: Man-in-the-Middle via WebSocket Client

Synthesis of the vulnerability

An attacker can act as a Man-in-the-Middle via WebSocket Client on Apache Tomcat, in order to read or write data in the session.
Severity: 2/4.
Creation date: 23/07/2018.
Identifiers: CERTFR-2018-AVI-584, cpuoct2019, CVE-2018-8034, DLA-1453-1, DLA-1491-1, DSA-4281-1, FEDORA-2018-b1832101b8, ibm10742719, openSUSE-SU-2018:2740-1, openSUSE-SU-2018:3054-1, RHSA-2019:0130-01, RHSA-2019:0131-01, RHSA-2019:0450-01, RHSA-2019:0451-01, RHSA-2019:1159-01, RHSA-2019:1160-01, RHSA-2019:1161-01, RHSA-2019:1162-01, RHSA-2019:1529-01, RHSA-2019:2205-01, SUSE-SU-2018:2699-1, SUSE-SU-2018:3011-2, SUSE-SU-2018:3261-1, SUSE-SU-2018:3388-1, SYMSA1463, USN-3723-1, VIGILANCE-VUL-26817.

computer vulnerability CVE-2018-2939 CVE-2018-3004

Oracle Database: vulnerabilities of July 2018

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle products.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 18/07/2018.
Identifiers: CERTFR-2018-AVI-347, cpujul2018, CVE-2018-2939, CVE-2018-3004, VIGILANCE-VUL-26763.

security bulletin CVE-2018-7489

jackson-databind: code execution via Deserializing

Synthesis of the vulnerability

An attacker can use a vulnerability via Deserializing of jackson-databind, in order to run code.
Severity: 2/4.
Creation date: 04/05/2018.
Identifiers: 5048, 521680, 521682, 527583, cpuapr2019, cpujan2019, cpujul2018, cpuoct2018, CVE-2018-7489, DSA-2018-096, DSA-2018-102, DSA-2018-207, DSA-4190-1, RHSA-2018:1447-01, RHSA-2018:1448-01, RHSA-2018:1449-01, RHSA-2018:1450-01, RHSA-2018:1451-01, RHSA-2018:2088-01, RHSA-2018:2089-01, RHSA-2018:2090-01, VIGILANCE-VUL-26043.