CVE-2018-3125
- EPSS 0.5%
- Published 16.01.2019 19:29:36
- Last modified 21.11.2024 04:05:12
Vulnerability in the Oracle Retail Merchandising System component of Oracle Retail Applications (subcomponent: Security (SQL Logger)). The supported version that is affected is 14.1. Easily exploitable vulnerability allows unauthenticated attacker wi...
- EPSS 9.9%
- Published 02.01.2019 18:29:00
- Last modified 21.11.2024 03:49:40
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.
CVE-2018-14720
- EPSS 3.41%
- Published 02.01.2019 18:29:00
- Last modified 21.11.2024 03:49:40
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.
CVE-2018-14719
- EPSS 2.65%
- Published 02.01.2019 18:29:00
- Last modified 21.11.2024 03:49:40
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.
CVE-2018-14718
- EPSS 14.75%
- Published 02.01.2019 18:29:00
- Last modified 21.11.2024 03:49:39
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
CVE-2018-2730
- EPSS 0.19%
- Published 18.01.2018 02:29:25
- Last modified 21.11.2024 04:04:20
Vulnerability in the Oracle Retail Merchandising System component of Oracle Retail Applications (subcomponent: Cross Pillar). The supported version that is affected is 16.0. Easily exploitable vulnerability allows low privileged attacker with network...