Oracle Goldengate Stream Analytics
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Oracle Goldengate Stream Analytics.
By the Year
In 2025 there have been 0 vulnerabilities in Oracle Goldengate Stream Analytics. Goldengate Stream Analytics did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 0 | 0.00 |
2024 | 0 | 0.00 |
2023 | 0 | 0.00 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 1 | 9.80 |
2019 | 6 | 8.38 |
2018 | 2 | 8.65 |
It may take a day or so for new Goldengate Stream Analytics vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Oracle Goldengate Stream Analytics Security Vulnerabilities
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
CVE-2019-20330
9.8 - Critical
- January 03, 2020
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
Marshaling, Unmarshaling
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10
CVE-2019-16335
9.8 - Critical
- September 15, 2019
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.
Marshaling, Unmarshaling
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10
CVE-2019-14540
9.8 - Critical
- September 15, 2019
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
Marshaling, Unmarshaling
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2
CVE-2019-14439
7.5 - High
- July 30, 2019
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.
Marshaling, Unmarshaling
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (
CVE-2019-14379
9.8 - Critical
- July 29, 2019
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.
Prototype Pollution
An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta
CVE-2019-0201
5.9 - Medium
- May 23, 2019
An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeepers getACL() command doesnt check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users.
AuthZ
In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame
CVE-2019-0222
7.5 - High
- March 28, 2019
In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive.
Code Injection
No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10
CVE-2018-8012
7.5 - High
- May 21, 2018
No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader.
AuthZ
org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2
CVE-2018-8088
9.8 - Critical
- March 20, 2018
org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Oracle Goldengate Stream Analytics or by Oracle? Click the Watch button to subscribe.
