CVE-2018-11307: NVD - CVE-2017-7525

An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6.

References to Advisories, Solutions, and Tools

Hyperlink | Resource
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | Patch Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | Patch Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | Patch Third Party Advisory
http://www.securityfocus.com/bid/99623 | Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039744 | Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039947 | Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1040360 | Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2017:1834 | Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1835 | Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1836 | Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1837 | Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1839 | Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1840 | Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2477 | Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2546 | Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2547 | Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2633 | Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2635 | Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2636 | Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2637 | Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2638 | Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3141 | Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3454 | Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3455 | Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3456 | Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3458 | Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0294 | Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0342 | Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1449 | Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1450 | Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0910 | Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2858 | Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3149 | Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1462702 | Issue Tracking Third Party Advisory
https://cwiki.apache.org/confluence/display/WW/S2-055 | Third Party Advisory
https://github.com/FasterXML/jackson-databind/issues/1599 | Issue Tracking Patch Third Party Advisory
https://github.com/FasterXML/jackson-databind/issues/1723 | Issue Tracking Third Party Advisory
https://lists.apache.org/thread.html/3c87dc8bca99a2b3b4743713b33d1de05b1d6b761fdf316224e9c81f@%3Cdev.lucene.apache.org%3E | Mailing List Third Party Advisory
https://lists.apache.org/thread.html/4641ed8616ccc2c1fbddac2c3dc9900c96387bc226eaf0232d61909b@%3Ccommits.cassandra.apache.org%3E | Mailing List Third Party Advisory
https://lists.apache.org/thread.html/5008bcbd45ee65ce39e4220b6ac53d28a24d6bc67d5804e9773a7399@%3Csolr-user.lucene.apache.org%3E | Mailing List Third Party Advisory
https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E | Mailing List Third Party Advisory
https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E | Mailing List Third Party Advisory
https://lists.apache.org/thread.html/b1f33fe5ade396bb903fdcabe9f243f7692c7dfce5418d3743c2d346@%3Cdev.lucene.apache.org%3E | Mailing List Third Party Advisory
https://lists.apache.org/thread.html/c10a2bf0fdc3d25faf17bd191d6ec46b29a353fa9c97bebd7c4e5913@%3Cdev.lucene.apache.org%3E | Mailing List Third Party Advisory
https://lists.apache.org/thread.html/c2ed4c0126b43e324cf740012a0edd371fd36096fd777be7bfe7a2a6@%3Cdev.lucene.apache.org%3E | Mailing List Third Party Advisory
https://lists.apache.org/thread.html/c9d5ff20929e8a3c8794facf4c4b326a9c10618812eec356caa20b87@%3Csolr-user.lucene.apache.org%3E | Mailing List Third Party Advisory
https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629@%3Csolr-user.lucene.apache.org%3E | Mailing List Third Party Advisory
https://lists.apache.org/thread.html/f60afd3c7e9ebaaf70fad4a4beb75cf8740ac959017a31e7006c7486@%3Cdev.lucene.apache.org%3E | Mailing List Third Party Advisory
https://lists.apache.org/thread.html/r42ac3e39e6265db12d9fc6ae1cd4b5fea7aed9830dc6f6d58228fed7@%3Ccommits.cassandra.apache.org%3E | Mailing List Third Party Advisory
https://lists.apache.org/thread.html/r68acf97f4526ba59a33cc6e592261ea4f85d890f99e79c82d57dd589@%3Cissues.spark.apache.org%3E | Mailing List Third Party Advisory
https://lists.apache.org/thread.html/rf7f87810c38dc9abf9f93989f76008f504cbf7c1a355214640b2d04c@%3Ccommits.cassandra.apache.org%3E | Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html | Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/08/msg00039.html | Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20171214-0002/ | Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us | Third Party Advisory
https://www.debian.org/security/2017/dsa-4004 | Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html | Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | Patch Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | Patch Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | Patch Third Party Advisory

Related news

CVE-2023-28069: DSA-2022-258: Dell Streaming Data Platform Security Update for Multiple Third-Party Component Vulnerabilities

Dell Streaming Data Platform prior to 1.4 contains an Open Redirect vulnerability. An attacker with the same privileges as a legitimate user can phish the legitimate user into being redirected to a malicious website, leading to information disclosure and the launch of phishing attacks.

CVE-2020-14829: Oracle Critical Patch Update Advisory - October 2020

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2020-2956: Oracle Critical Patch Update Advisory - April 2020

Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Hierarchy Diagrammers). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Human Resources. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).

CVE-2020-2548: Oracle Critical Patch Update Advisory - January 2020

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). The supported version that is affected is 10.3.6.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N).

CVE-2019-2808: Oracle Critical Patch Update Advisory - July 2019

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2019-2628: Oracle Critical Patch Update Advisory - April 2019

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2019-2455: Oracle Critical Patch Update Advisory - January 2019

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CVE-2019-0542: Red Hat Customer Portal - Access to 24x7 support and knowledge

A remote code execution vulnerability exists in Xterm.js when the component mishandles special characters, aka "Xterm Remote Code Execution Vulnerability." This affects xterm.js.

CVE-2018-3133: Oracle Critical Patch Update - October 2018

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).