Vulnerabilities > Oracle > Retail Customer Management AND Segmentation Foundation > Medium
| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2021-07-12 | CVE-2021-30129 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products | A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. | network | low | apache, oracle | CWE-772 | 6.5 |
| 2021-06-12 | CVE-2021-31811 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products | In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. | local | low | apache, fedoraproject, oracle | CWE-770 | 5.5 |
| 2021-06-12 | CVE-2021-31812 | Infinite Loop vulnerability in multiple products | In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. | local | low | apache, fedoraproject, oracle | CWE-835 | 5.5 |
| 2021-03-19 | CVE-2021-27906 | | A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. | local | low | apache, fedoraproject, oracle | | 5.5 |
| 2021-03-19 | CVE-2021-27807 | Excessive Iteration vulnerability in multiple products | A carefully crafted PDF file can trigger an infinite loop while loading the file. | local | low | apache, fedoraproject, oracle | CWE-834 | 5.5 |
| 2021-02-15 | CVE-2020-28500 | | Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions. | network | low | lodash, oracle, siemens | | 5.3 |
| 2020-12-02 | CVE-2020-13956 | | Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution. | network | low | apache, quarkus, oracle, netapp | | 5.3 |
| 2020-09-19 | CVE-2020-5421 | | In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. | network | high | vmware, oracle, netapp | | 6.5 |
| 2020-07-15 | CVE-2020-14710 | Unspecified vulnerability in Oracle Retail Customer Management and Segmentation Foundation 16.0/17.0/18.0 | Vulnerability in the Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Security). | network | low | oracle | | 5.4 |
| 2020-07-15 | CVE-2020-14708 | Unspecified vulnerability in Oracle Retail Customer Management and Segmentation Foundation 16.0/17.0/18.0 | Vulnerability in the Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Segment). | network | low | oracle | | 4.3 |