Oracle

Retail Sales Audit

20 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2020-10650

Exploit
  • EPSS 6.19%
  • Published 26.12.2022 20:15:10
  • Last modified 19.08.2025 16:37:03

A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup, org.apache.ignite.cache.jt...

7.5

CVE-2020-36518

Exploit
  • EPSS 0.6%
  • Published 11.03.2022 07:15:07
  • Last modified 27.08.2025 21:15:36

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

8.1

CVE-2020-11620

  • EPSS 2.8%
  • Published 07.04.2020 23:15:12
  • Last modified 21.11.2024 04:58:15

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).

8.1

CVE-2020-11619

  • EPSS 1.73%
  • Published 07.04.2020 23:15:12
  • Last modified 21.11.2024 04:58:15

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).

8.8

CVE-2020-11113

  • EPSS 60.71%
  • Published 31.03.2020 05:15:13
  • Last modified 21.11.2024 04:56:49

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).

8.8

CVE-2020-11112

  • EPSS 11.42%
  • Published 31.03.2020 05:15:13
  • Last modified 21.11.2024 04:56:49

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).

8.8

CVE-2020-11111

  • EPSS 2.2%
  • Published 31.03.2020 05:15:13
  • Last modified 21.11.2024 04:56:48

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).

8.8

CVE-2020-10969

  • EPSS 1.4%
  • Published 26.03.2020 13:15:13
  • Last modified 21.11.2024 04:56:28

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.

8.8

CVE-2020-10968

  • EPSS 6.63%
  • Published 26.03.2020 13:15:12
  • Last modified 21.11.2024 04:56:28

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).

8.8

CVE-2020-10673

  • EPSS 20.47%
  • Published 18.03.2020 22:15:12
  • Last modified 21.11.2024 04:55:49

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).