Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Retail Merchandising System Security Vulnerabilities - January 2019

cve
cve

CVE-2018-14718

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.

9.8CVSS

9.8AI Score

0.037EPSS

2019-01-02 06:29 PM
142
2
cve
cve

CVE-2018-14719

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.

9.8CVSS

9.8AI Score

0.01EPSS

2019-01-02 06:29 PM
145
cve
cve

CVE-2018-14720

FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.

9.8CVSS

9.4AI Score

0.008EPSS

2019-01-02 06:29 PM
143
cve
cve

CVE-2018-14721

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.

10CVSS

9.4AI Score

0.01EPSS

2019-01-02 06:29 PM
190
cve
cve

CVE-2018-3125

Vulnerability in the Oracle Retail Merchandising System component of Oracle Retail Applications (subcomponent: Security (SQL Logger)). The supported version that is affected is 14.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle R...

6.5CVSS

5.7AI Score

0.001EPSS

2019-01-16 07:29 PM
36