This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Oracle
Product: Goldengate Stream Analytics
Version:
Type: Application
First view: 2018-03-20
Last view: 2020-03-02
Update:
Edition:
Language:
Software Edition:
Target Software:
Target Hardware:
Other:

Activity : Overall

COMMON PLATFORM ENUMERATION: Distribution per Version

CPE Name Affected CVE
cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:* 7

Related : CVE

  Date Alert Description
9.8 2020-03-02 CVE-2019-14893

A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.

9.8 2020-01-03 CVE-2019-20330

FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.

9.8 2019-09-15 CVE-2019-16335

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.

9.8 2019-09-15 CVE-2019-14540

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.

9.8 2019-07-29 CVE-2019-14379

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.

7.5 2019-03-28 CVE-2019-0222

In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive.

9.8 2018-03-20 CVE-2018-8088

org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data.

CWE : Common Weakness Enumeration

% id Name
80% (4) CWE-502 Deserialization of Untrusted Data
20% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')

Nessus® Vulnerability Scanner

id Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-8b0ad602be.nasl - Type: ACT_GATHER_INFO
2018-06-28 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1159.nasl - Type: ACT_GATHER_INFO
2018-05-02 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1092.nasl - Type: ACT_GATHER_INFO
2018-05-02 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1093.nasl - Type: ACT_GATHER_INFO
2018-04-20 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-999.nasl - Type: ACT_GATHER_INFO
2018-03-30 Name: The remote Fedora host is missing a security update.
File: fedora_2018-a4353f97db.nasl - Type: ACT_GATHER_INFO
2018-03-30 Name: The remote Fedora host is missing a security update.
File: fedora_2018-a46b358764.nasl - Type: ACT_GATHER_INFO
2018-03-28 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-0592.nasl - Type: ACT_GATHER_INFO