Skip to main content

Goldengate Stream Analytics

8 CVEs product

Monthly

CVE-2019-16335 Maven CRITICAL PATCH Act Now

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Jackson Databind Fedora Debian Linux Oncommand Api Services +13
NVD GitHub
CVSS 3.1
9.8
EPSS
4.9%
CVE-2019-14540 Maven CRITICAL PATCH Act Now

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Jackson Databind Oncommand Api Services Oncommand Workflow Automation Steelstore Cloud Integrated Storage +15
NVD GitHub
CVSS 3.1
9.8
EPSS
10.7%
CVE-2019-14439 Maven HIGH PATCH This Week

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Jackson Databind Debian Linux Fedora Drill +14
NVD GitHub
CVSS 3.1
7.5
EPSS
10.8%
CVE-2019-14379 Maven CRITICAL PATCH Act Now

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup),. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Java Prototype Pollution RCE Jackson Databind Debian Linux +22
NVD GitHub
CVSS 3.1
9.8
EPSS
8.0%
CVE-2019-0201 Maven MEDIUM PATCH This Month

An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Apache Activemq Drill Zookeeper +7
NVD
CVSS 3.1
5.9
EPSS
9.6%
CVE-2019-0222 Maven HIGH PATCH This Week

In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apache Activemq E Series Santricity Web Services Communications Diameter Signaling Router +5
NVD
CVSS 3.1
7.5
EPSS
12.4%
CVE-2018-8012 Maven HIGH PATCH This Week

No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Apache Zookeeper Debian Linux Goldengate Stream Analytics
NVD
CVSS 3.1
7.5
EPSS
8.7%
CVE-2018-8088 Maven CRITICAL PATCH Act Now

org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Slf4J Jboss Enterprise Application Platform Virtualization Virtualization Host +9
NVD GitHub
CVSS 3.1
9.8
EPSS
15.1%
EPSS 5% CVSS 9.8
CRITICAL PATCH Act Now

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Jackson Databind Fedora +15
NVD GitHub
EPSS 11% CVSS 9.8
CRITICAL PATCH Act Now

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Jackson Databind Oncommand Api Services +17
NVD GitHub
EPSS 11% CVSS 7.5
HIGH PATCH This Week

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Jackson Databind Debian Linux +16
NVD GitHub
EPSS 8% CVSS 9.8
CRITICAL PATCH Act Now

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup),. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Java Prototype Pollution RCE +24
NVD GitHub
EPSS 10% CVSS 5.9
MEDIUM PATCH This Month

An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Apache Activemq +9
NVD
EPSS 12% CVSS 7.5
HIGH PATCH This Week

In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apache Activemq +7
NVD
EPSS 9% CVSS 7.5
HIGH PATCH This Week

No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Apache Zookeeper +2
NVD
EPSS 15% CVSS 9.8
CRITICAL PATCH Act Now

org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Slf4J Jboss Enterprise Application Platform +11
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy