Lucene search

K

Retail Customer Management And Segmentation Foundation Security Vulnerabilities

cve
cve

CVE-2022-22965

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it...

9.8CVSS

8.7AI Score

0.975EPSS

2022-04-01 11:15 PM
1743
In Wild
5
cve
cve

CVE-2021-37714

jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until...

7.5CVSS

7.1AI Score

0.009EPSS

2021-08-18 03:15 PM
348
6
cve
cve

CVE-2021-30129

A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD...

6.5CVSS

6.5AI Score

0.007EPSS

2021-07-12 12:15 PM
133
6
cve
cve

CVE-2021-31811

In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x...

5.5CVSS

5.5AI Score

0.001EPSS

2021-06-12 10:15 AM
138
6
cve
cve

CVE-2021-31812

In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x...

5.5CVSS

5.5AI Score

0.001EPSS

2021-06-12 10:15 AM
133
6
cve
cve

CVE-2021-22118

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the...

7.8CVSS

7.5AI Score

0.0005EPSS

2021-05-27 03:15 PM
127
9
cve
cve

CVE-2021-27807

A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x...

5.5CVSS

5.5AI Score

0.001EPSS

2021-03-19 04:15 PM
111
16
cve
cve

CVE-2021-27906

A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x...

5.5CVSS

5.5AI Score

0.001EPSS

2021-03-19 04:15 PM
119
17
cve
cve

CVE-2021-23337

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template...

7.2CVSS

7.1AI Score

0.006EPSS

2021-02-15 01:15 PM
243
10
cve
cve

CVE-2020-28500

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd...

5.3CVSS

5.8AI Score

0.002EPSS

2021-02-15 11:15 AM
167
6
cve
cve

CVE-2021-2057

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations). The supported version that is affected is 19.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to....

6.3CVSS

5.9AI Score

0.001EPSS

2021-01-20 03:15 PM
27
cve
cve

CVE-2020-36183

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

7.7AI Score

0.003EPSS

2021-01-07 12:15 AM
225
7
cve
cve

CVE-2020-36182

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

7.7AI Score

0.003EPSS

2021-01-07 12:15 AM
221
6
cve
cve

CVE-2020-36179

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

7.7AI Score

0.004EPSS

2021-01-07 12:15 AM
222
16
cve
cve

CVE-2020-36180

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

7.7AI Score

0.003EPSS

2021-01-07 12:15 AM
224
12
cve
cve

CVE-2020-36189

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

7.7AI Score

0.003EPSS

2021-01-06 11:15 PM
217
6
cve
cve

CVE-2020-36186

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

7.7AI Score

0.003EPSS

2021-01-06 11:15 PM
206
6
cve
cve

CVE-2020-36185

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

7.7AI Score

0.003EPSS

2021-01-06 11:15 PM
210
7
cve
cve

CVE-2020-36188

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

7.7AI Score

0.003EPSS

2021-01-06 11:15 PM
211
5
cve
cve

CVE-2020-36187

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

7.7AI Score

0.003EPSS

2021-01-06 11:15 PM
202
7
cve
cve

CVE-2020-36184

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

7.7AI Score

0.003EPSS

2021-01-06 11:15 PM
212
6
cve
cve

CVE-2020-36181

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

7.7AI Score

0.003EPSS

2021-01-06 11:15 PM
213
4
cve
cve

CVE-2020-35728

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in...

8.1CVSS

7.7AI Score

0.007EPSS

2020-12-27 05:15 AM
223
19
cve
cve

CVE-2020-35491

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

7.7AI Score

0.003EPSS

2020-12-17 07:15 PM
195
9
cve
cve

CVE-2020-8908

A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory.....

3.3CVSS

5.2AI Score

0.001EPSS

2020-12-10 11:15 PM
690
18
cve
cve

CVE-2020-13956

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request...

5.3CVSS

5.9AI Score

0.002EPSS

2020-12-02 05:15 PM
475
9
cve
cve

CVE-2020-25638

A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized...

7.4CVSS

7.6AI Score

0.004EPSS

2020-12-02 03:15 PM
234
2
cve
cve

CVE-2020-14732

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Promotions). The supported version that is affected is 19.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to...

3.1CVSS

3.4AI Score

0.001EPSS

2020-10-21 03:15 PM
20
cve
cve

CVE-2020-14731

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Segment). Supported versions that are affected are 18.0 and 19.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to...

3.1CVSS

3.3AI Score

0.001EPSS

2020-10-21 03:15 PM
20
cve
cve

CVE-2020-5421

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path...

6.5CVSS

7.5AI Score

0.153EPSS

2020-09-19 04:15 AM
197
6
cve
cve

CVE-2020-5413

Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when provided data contains malicious...

9.8CVSS

9.3AI Score

0.004EPSS

2020-07-31 08:15 PM
81
cve
cve

CVE-2020-14709

Vulnerability in the Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Card). Supported versions that are affected are 16.0, 17.0 and 18.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...

7.1CVSS

6.5AI Score

0.001EPSS

2020-07-15 06:15 PM
21
cve
cve

CVE-2020-14710

Vulnerability in the Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Security). Supported versions that are affected are 16.0, 17.0 and 18.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise....

5.4CVSS

5.1AI Score

0.001EPSS

2020-07-15 06:15 PM
19
cve
cve

CVE-2020-14708

Vulnerability in the Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Segment). Supported versions that are affected are 16.0, 17.0 and 18.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise.....

4.3CVSS

4.2AI Score

0.001EPSS

2020-07-15 06:15 PM
15
cve
cve

CVE-2020-10683

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses...

9.8CVSS

9.2AI Score

0.007EPSS

2020-05-01 07:15 PM
384
4
cve
cve

CVE-2020-11022

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery...

6.9CVSS

6.8AI Score

0.061EPSS

2020-04-29 10:15 PM
5346
In Wild
18
cve
cve

CVE-2020-9488

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and...

3.7CVSS

6AI Score

0.002EPSS

2020-04-27 04:15 PM
299
17
cve
cve

CVE-2020-2953

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Promotions). The supported version that is affected is 18.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

9.8CVSS

9.1AI Score

0.006EPSS

2020-04-15 02:15 PM
19
cve
cve

CVE-2020-2648

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations). The supported version that is affected is 16.0. Easily exploitable vulnerability allows physical access to compromise Oracle Retail Customer...

6.2CVSS

6.5AI Score

0.0004EPSS

2020-01-15 05:15 PM
30
cve
cve

CVE-2020-2650

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Promotions). The supported version that is affected is 16.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

6.5CVSS

5.8AI Score

0.001EPSS

2020-01-15 05:15 PM
19
cve
cve

CVE-2020-2649

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations). The supported version that is affected is 16.0. Easily exploitable vulnerability allows low privileged attacker with logon to the...

3.3CVSS

3.3AI Score

0.0004EPSS

2020-01-15 05:15 PM
21
cve
cve

CVE-2020-2567

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Security). The supported version that is affected is 18.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to...

4.8CVSS

4.4AI Score

0.001EPSS

2020-01-15 05:15 PM
24
cve
cve

CVE-2019-20330

FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache...

9.8CVSS

9.2AI Score

0.006EPSS

2020-01-03 04:15 AM
305
4
cve
cve

CVE-2019-10219

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS...

6.1CVSS

6AI Score

0.002EPSS

2019-11-08 03:15 PM
168
6
cve
cve

CVE-2019-2883

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Segment). The supported version that is affected is 17.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise.....

4.6CVSS

4.1AI Score

0.001EPSS

2019-10-16 06:15 PM
25
cve
cve

CVE-2019-2884

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Segment). The supported version that is affected is 17.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to...

5.9CVSS

5.7AI Score

0.002EPSS

2019-10-16 06:15 PM
23
cve
cve

CVE-2019-17267

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to...

9.8CVSS

9.1AI Score

0.012EPSS

2019-10-07 12:15 AM
279
cve
cve

CVE-2019-14540

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to...

9.8CVSS

9.3AI Score

0.004EPSS

2019-09-15 10:15 PM
233
cve
cve

CVE-2019-16335

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than...

9.8CVSS

9.3AI Score

0.004EPSS

2019-09-15 10:15 PM
177
cve
cve

CVE-2019-12402

The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by...

7.5CVSS

7.1AI Score

0.005EPSS

2019-08-30 09:15 AM
144
6
Total number of security vulnerabilities63