Oracle Retail_merchandising_system
56 CVEs affecting Oracle Retail_merchandising_system. Latest disclosed: 2022-12-26. Critical: 12, High: 31.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2018-14721 | Critical | 10.0 | 2019-01-02 | FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block t… |
| CVE-2022-22965 | Critical | 9.8 | 2022-04-01 | A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires t… |
| CVE-2020-5413 | Critical | 9.8 | 2020-07-31 | Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. When Kryo is configured with default options, al… |
| CVE-2020-9548 | Critical | 9.8 | 2020-03-02 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPC… |
| CVE-2020-9546 | Critical | 9.8 | 2020-03-02 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zax… |
| CVE-2019-20330 | Critical | 9.8 | 2020-01-03 | FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking. |
| CVE-2019-17531 | Critical | 9.8 | 2019-10-12 | A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific… |
| CVE-2019-16943 | Critical | 9.8 | 2019-10-01 | A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific… |
| CVE-2019-16942 | Critical | 9.8 | 2019-10-01 | A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific… |
| CVE-2018-14720 | Critical | 9.8 | 2019-01-02 | FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK c… |
| CVE-2018-14719 | Critical | 9.8 | 2019-01-02 | FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds… |
| CVE-2018-14718 | Critical | 9.8 | 2019-01-02 | FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from poly… |
| CVE-2020-11113 | High | 8.8 | 2020-03-31 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistr… |
| CVE-2020-11112 | High | 8.8 | 2020-03-31 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provide… |
| CVE-2020-11111 | High | 8.8 | 2020-03-31 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activ… |
| CVE-2020-10969 | High | 8.8 | 2020-03-26 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane. |
| CVE-2020-10968 | High | 8.8 | 2020-03-26 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remo… |
| CVE-2020-10673 | High | 8.8 | 2020-03-18 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.Resource… |
| CVE-2020-10672 | High | 8.8 | 2020-03-18 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms… |
| CVE-2021-2351 | High | 8.3 | 2021-07-21 | Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Diffi… |