Retail Merchandising System

DATE	CVE	VULNERABILITY TITLE	RISK
2021-01-06	CVE-2020-36184	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource. network high complexity netapp debian oracle fasterxml CWE-502	8.1
2021-01-06	CVE-2020-36181	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS. network high complexity netapp debian oracle fasterxml CWE-502	8.1
2020-12-27	CVE-2020-35728	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl). network high complexity fasterxml debian netapp oracle CWE-502	8.1
2020-12-17	CVE-2020-35491	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource. network fasterxml netapp debian oracle CWE-502	6.8
2020-12-17	CVE-2020-35490	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource. network fasterxml netapp debian oracle CWE-502	6.8
2020-12-07	CVE-2020-17521	Apache Groovy provides extension methods to aid with creating temporary directories. local low complexity apache netapp oracle	5.5
2020-10-01	CVE-2020-11979	As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. network low complexity apache gradle fedoraproject oracle	7.5
2020-09-19	CVE-2020-5421	In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. network high complexity vmware oracle netapp	6.5
2020-07-31	CVE-2020-5413	Deserialization of Untrusted Data vulnerability in multiple products Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. network low complexity vmware oracle CWE-502	7.5
2020-05-14	CVE-2020-1945	Exposure of Resource to Wrong Sphere vulnerability in multiple products Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. local high complexity apache canonical fedoraproject opensuse oracle CWE-668	6.3