2019-01-02
|
CVE-2018-14718
|
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
|
Debian_linux, Jackson\-Databind, Oncommand_workflow_automation, Snapcenter, Steelstore_cloud_integrated_storage, Banking_platform, Business_process_management_suite, Communications_billing_and_revenue_management, Communications_instant_messaging_server, Enterprise_manager_for_virtualization, Financial_services_analytical_applications_infrastructure, Global_lifecycle_management_opatch, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Jdeveloper, Nosql_database, Primavera_p6_enterprise_project_portfolio_management, Primavera_unifier, Retail_customer_management_and_segmentation_foundation, Retail_merchandising_system, Retail_workforce_management_software, Siebel_engineering_\-_installer_\&_deployment, Siebel_ui_framework, Webcenter_portal, Openshift_container_platform
|
9.8
|
|
|
2019-02-06
|
CVE-2019-3822
|
libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow...
|
Ubuntu_linux, Debian_linux, Libcurl, Active_iq_unified_manager, Clustered_data_ontap, Oncommand_insight, Oncommand_workflow_automation, Snapcenter, Communications_operations_monitor, Enterprise_manager_ops_center, Http_server, Mysql_server, Secure_global_desktop, Services_tools_bundle, Enterprise_linux, Sinema_remote_connect_client
|
9.8
|
|
|
2019-02-27
|
CVE-2019-1559
|
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt...
|
Ubuntu_linux, Debian_linux, Big\-Ip_access_policy_manager, Big\-Ip_advanced_firewall_manager, Big\-Ip_analytics, Big\-Ip_application_acceleration_manager, Big\-Ip_application_security_manager, Big\-Ip_domain_name_system, Big\-Ip_edge_gateway, Big\-Ip_fraud_protection_service, Big\-Ip_global_traffic_manager, Big\-Ip_link_controller, Big\-Ip_local_traffic_manager, Big\-Ip_policy_enforcement_manager, Big\-Ip_webaccelerator, Big\-Iq_centralized_management, Traffix_signaling_delivery_controller, Fedora, Agent, Data_exchange_layer, Threat_intelligence_exchange_server, Web_gateway, A220_firmware, A320_firmware, A800_firmware, Active_iq_unified_manager, Altavault, C190_firmware, Cloud_backup, Clustered_data_ontap_antivirus_connector, Cn1610_firmware, Element_software, Fas2720_firmware, Fas2750_firmware, Hci_compute_node, Hci_management_node, Hyper_converged_infrastructure, Oncommand_insight, Oncommand_unified_manager, Oncommand_unified_manager_core_package, Oncommand_workflow_automation, Ontap_select_deploy, Ontap_select_deploy_administration_utility, Santricity_smi\-S_provider, Service_processor, Smi\-S_provider, Snapcenter, Snapdrive, Snapprotect, Solidfire, Steelstore_cloud_integrated_storage, Storage_automation_store, Storagegrid, Node\.js, Openssl, Leap, Api_gateway, Business_intelligence, Communications_diameter_signaling_router, Communications_performance_intelligence_center, Communications_session_border_controller, Communications_session_router, Communications_unified_session_manager, Endeca_server, Enterprise_manager_base_platform, Enterprise_manager_ops_center, Jd_edwards_enterpriseone_tools, Jd_edwards_world_security, Mysql, Mysql_enterprise_monitor, Mysql_workbench, Peoplesoft_enterprise_peopletools, Secure_global_desktop, Services_tools_bundle, Pan\-Os, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Jboss_enterprise_web_server, Virtualization, Virtualization_host, Nessus
|
5.9
|
|
|
2019-04-10
|
CVE-2019-11068
|
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
|
Ubuntu_linux, Debian_linux, Fedora, Active_iq_unified_manager, Cloud_backup, E\-Series_santricity_management_plug\-Ins, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_unified_manager, E\-Series_santricity_web_services_proxy, Element_software, Hci_management_node, Oncommand_insight, Oncommand_workflow_automation, Plug\-In_for_symantec_netbackup, Santricity_unified_manager, Snapmanager, Solidfire, Steelstore_cloud_integrated_storage, Leap, Jdk, Libxslt
|
9.8
|
|
|
2019-07-01
|
CVE-2019-13118
|
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
|
Icloud, Iphone_os, Itunes, Mac_os_x, Macos, Tvos, Ubuntu_linux, Fedora, Active_iq_unified_manager, Cloud_backup, Clustered_data_ontap, E\-Series_performance_analyzer, E\-Series_santricity_management_plug\-Ins, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Oncommand_insight, Oncommand_workflow_automation, Ontap_select_deploy_administration_utility, Plug\-In_for_symantec_netbackup, Santricity_unified_manager, Steelstore_cloud_integrated_storage, Leap, Jdk, Libxslt
|
5.3
|
|
|
2019-07-29
|
CVE-2019-14379
|
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.
|
Xcode, Debian_linux, Jackson\-Databind, Fedora, Active_iq_unified_manager, Oncommand_workflow_automation, Service_level_manager, Snapcenter, Banking_platform, Communications_diameter_signaling_router, Communications_instant_messaging_server, Financial_services_analytical_applications_infrastructure, Goldengate_stream_analytics, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Primavera_gateway, Primavera_unifier, Retail_customer_management_and_segmentation_foundation, Retail_xstore_point_of_service, Siebel_engineering_\-_installer_\&_deployment, Siebel_ui_framework, Jboss_enterprise_application_platform, Openshift_container_platform, Single_sign\-On
|
9.8
|
|
|
2019-09-09
|
CVE-2019-16168
|
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."
|
Ubuntu_linux, Debian_linux, Fedora, Policy_auditor, Active_iq_unified_manager, E\-Series_santricity_os_controller, Oncommand_insight, Oncommand_workflow_automation, Ontap_select_deploy_administration_utility, Santricity_unified_manager, Steelstore_cloud_integrated_storage, Communications_design_studio, Jdk, Jre, Mysql, Outside_in_technology, Solaris, Zfs_storage_appliance, Sqlite, Nessus_agent
|
6.5
|
|
|
2019-09-15
|
CVE-2019-14540
|
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
|
Debian_linux, Jackson\-Databind, Fedora, Oncommand_api_services, Oncommand_workflow_automation, Steelstore_cloud_integrated_storage, Banking_platform, Customer_management_and_segmentation_foundation, Financial_services_analytical_applications_infrastructure, Global_lifecycle_management_opatch, Goldengate_application_adapters, Goldengate_stream_analytics, Mysql, Primavera_gateway, Primavera_unifier, Retail_customer_management_and_segmentation_foundation, Retail_xstore_point_of_service, Weblogic_server, Jboss_enterprise_application_platform
|
9.8
|
|
|
2019-09-15
|
CVE-2019-16335
|
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.
|
Debian_linux, Jackson\-Databind, Fedora, Oncommand_api_services, Oncommand_workflow_automation, Steelstore_cloud_integrated_storage, Banking_platform, Customer_management_and_segmentation_foundation, Financial_services_analytical_applications_infrastructure, Global_lifecycle_management_opatch, Goldengate_application_adapters, Goldengate_stream_analytics, Primavera_gateway, Retail_customer_management_and_segmentation_foundation, Retail_xstore_point_of_service, Weblogic_server, Jboss_enterprise_application_platform
|
9.8
|
|
|
2019-09-16
|
CVE-2019-5482
|
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
|
Debian_linux, Fedora, Curl, Cloud_backup, Oncommand_insight, Oncommand_unified_manager, Oncommand_workflow_automation, Snapcenter, Steelstore_cloud_integrated_storage, Leap, Communications_operations_monitor, Communications_session_border_controller, Enterprise_manager_ops_center, Http_server, Hyperion_essbase, Mysql_server, Oss_support_tools
|
9.8
|
|
|