The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Oracle Fusion Middleware

cybersecurity threat CVE-2018-2587 CVE-2018-2628 CVE-2018-2739

Oracle Fusion Middleware: vulnerabilities of April 2018

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle products.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 10.
Creation date: 18/04/2018.
Revision date: 19/04/2019.
Identifiers: cpuapr2018, CVE-2018-2587, CVE-2018-2628, CVE-2018-2739, CVE-2018-2760, CVE-2018-2765, CVE-2018-2770, CVE-2018-2791, CVE-2018-2828, CVE-2018-2834, CVE-2018-2879, VIGILANCE-VUL-25897.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Oracle products.
Full Vigil@nce bulletin... (Free trial)

weakness announce CVE-2019-1559

OpenSSL 1.0.2: information disclosure via 0-byte Record Padding Oracle

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via 0-byte Record Padding Oracle of OpenSSL 1.0.2, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 26/02/2019.
Identifiers: bulletinapr2019, bulletinjul2019, CERTFR-2019-AVI-080, CERTFR-2019-AVI-132, CERTFR-2019-AVI-214, CERTFR-2019-AVI-325, cpuapr2019, cpujul2019, cpuoct2019, CVE-2019-1559, DLA-1701-1, DSA-4400-1, FEDORA-2019-00c25b9379, ibm10876638, ibm10886237, ibm10886659, JSA10949, openSUSE-SU-2019:1076-1, openSUSE-SU-2019:1105-1, openSUSE-SU-2019:1173-1, openSUSE-SU-2019:1175-1, openSUSE-SU-2019:1432-1, openSUSE-SU-2019:1637-1, RHBUG-1683804, RHBUG-1683807, RHSA-2019:2304-01, RHSA-2019:2471-01, SB10282, SSA:2019-057-01, SSB-439005, STORM-2019-001, SUSE-SU-2019:0572-1, SUSE-SU-2019:0600-1, SUSE-SU-2019:0658-1, SUSE-SU-2019:0803-1, SUSE-SU-2019:0818-1, SUSE-SU-2019:1362-1, SUSE-SU-2019:14091-1, SUSE-SU-2019:14092-1, SUSE-SU-2019:1553-1, SUSE-SU-2019:1608-1, SYMSA1490, TNS-2019-02, USN-3899-1, VIGILANCE-VUL-28600.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions to data via 0-byte Record Padding Oracle of OpenSSL 1.0.2, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2018-14718

jackson-databind: code execution via slf4j-ext

Synthesis of the vulnerability

An attacker can use a vulnerability via slf4j-ext of jackson-databind, in order to run code.
Severity: 3/4.
Creation date: 19/02/2019.
Identifiers: 5048, cpuapr2019, cpujan2019, CVE-2018-14718, DLA-1703-1, DSA-4452-1, FEDORA-2019-df57551f6d, RHSA-2019:0782-01, VIGILANCE-VUL-28550.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use a vulnerability via slf4j-ext of jackson-databind, in order to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2018-14719

jackson-databind: code execution via blaze-ds-opt

Synthesis of the vulnerability

An attacker can use a vulnerability via blaze-ds-opt of jackson-databind, in order to run code.
Severity: 3/4.
Creation date: 19/02/2019.
Identifiers: 5048, cpuapr2019, cpujan2019, cpuoct2019, CVE-2018-14719, DLA-1703-1, DSA-4452-1, FEDORA-2019-df57551f6d, RHSA-2019:0782-01, VIGILANCE-VUL-28549.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use a vulnerability via blaze-ds-opt of jackson-databind, in order to run code.
Full Vigil@nce bulletin... (Free trial)

computer weakness note CVE-2018-14720

jackson-databind: external XML entity injection via JDK Classes

Synthesis of the vulnerability

An attacker can transmit malicious XML data via JDK Classes to jackson-databind, in order to read a file, scan sites, or trigger a denial of service.
Severity: 2/4.
Creation date: 19/02/2019.
Identifiers: 5048, cpuapr2019, cpujan2019, cpuoct2019, CVE-2018-14720, DLA-1703-1, DSA-4452-1, FEDORA-2019-df57551f6d, RHSA-2019:0782-01, RHSA-2019:1106-01, RHSA-2019:1107-01, RHSA-2019:1108-01, RHSA-2019:1140-01, VIGILANCE-VUL-28548.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can transmit malicious XML data via JDK Classes to jackson-databind, in order to read a file, scan sites, or trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer threat CVE-2018-14721

jackson-databind: information disclosure via axis2-jaxws SSRF

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via axis2-jaxws SSRF of jackson-databind, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 19/02/2019.
Identifiers: 5048, cpuapr2019, cpujan2019, cpuoct2019, CVE-2018-14721, DLA-1703-1, DSA-4452-1, FEDORA-2019-df57551f6d, RHSA-2019:0782-01, RHSA-2019:1106-01, RHSA-2019:1107-01, RHSA-2019:1108-01, RHSA-2019:1140-01, VIGILANCE-VUL-28547.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions to data via axis2-jaxws SSRF of jackson-databind, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2018-19360

jackson-databind: code execution via Axis2-transport-jms Deserialization

Synthesis of the vulnerability

An attacker can use a vulnerability via Axis2-transport-jms Deserialization of jackson-databind, in order to run code.
Severity: 3/4.
Creation date: 19/02/2019.
Identifiers: 5048, cpuapr2019, cpujul2019, cpuoct2019, CVE-2018-19360, DLA-1703-1, DSA-4452-1, FEDORA-2019-df57551f6d, RHSA-2019:0782-01, VIGILANCE-VUL-28546.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use a vulnerability via Axis2-transport-jms Deserialization of jackson-databind, in order to run code.
Full Vigil@nce bulletin... (Free trial)

security threat CVE-2018-19361

jackson-databind: code execution via Openjpa Deserialization

Synthesis of the vulnerability

An attacker can use a vulnerability via Openjpa of jackson-databind, in order to run code.
Severity: 3/4.
Creation date: 19/02/2019.
Identifiers: 5048, cpuapr2019, cpujul2019, cpuoct2019, CVE-2018-19361, DLA-1703-1, DSA-4452-1, FEDORA-2019-df57551f6d, RHSA-2019:0782-01, VIGILANCE-VUL-28545.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use a vulnerability via Openjpa of jackson-databind, in order to run code.
Full Vigil@nce bulletin... (Free trial)

threat CVE-2018-19362

jackson-databind: code execution via Jboss-common-core Deserialization

Synthesis of the vulnerability

An attacker can use a vulnerability via Jboss-common-core Deserialization of jackson-databind, in order to run code.
Severity: 3/4.
Creation date: 19/02/2019.
Identifiers: 5048, cpuapr2019, cpujul2019, cpuoct2019, CVE-2018-19362, DLA-1703-1, DSA-4452-1, FEDORA-2019-df57551f6d, RHSA-2019:0782-01, VIGILANCE-VUL-28544.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use a vulnerability via Jboss-common-core Deserialization of jackson-databind, in order to run code.
Full Vigil@nce bulletin... (Free trial)

security alert CVE-2019-3823

libcurl: out-of-bounds memory reading via SMTP End-of-Response

Synthesis of the vulnerability

An attacker can force a read at an invalid address via SMTP End-of-Response of libcurl, in order to trigger a denial of service, or to obtain sensitive information.
Severity: 2/4.
Creation date: 06/02/2019.
Identifiers: bulletinjan2019, cpuapr2019, cpujul2019, CVE-2019-3823, DLA-1672-1, DSA-4386-1, FEDORA-2019-43489941ff, openSUSE-SU-2019:0173-1, openSUSE-SU-2019:0174-1, RHSA-2019:3701-01, SSA:2019-037-01, SUSE-SU-2019:0248-1, SUSE-SU-2019:0249-1, SUSE-SU-2019:0249-2, SUSE-SU-2019:0339-1, USN-3882-1, VIGILANCE-VUL-28445.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can force a read at an invalid address via SMTP End-of-Response of libcurl, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Oracle Fusion Middleware: