Vulnerabilities > Oracle > Retail Point OF Service
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-04-23 | CVE-2019-2558 | Unspecified vulnerability in Oracle Retail Point-Of-Service 13.4/14.0/14.1 Vulnerability in the Oracle Retail Point-of-Service component of Oracle Retail Applications (subcomponent: Infrastructure). | 7.3 |
2019-04-20 | CVE-2019-11358 | jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. | 6.1 |
2018-05-24 | CVE-2018-8013 | Deserialization of Untrusted Data vulnerability in multiple products In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. | 9.8 |
2018-05-11 | CVE-2018-1258 | Incorrect Authorization vulnerability in multiple products Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. | 8.8 |
2018-04-19 | CVE-2018-2862 | Unspecified vulnerability in Oracle Retail Point-Of-Service Vulnerability in the Oracle Retail Point-of-Service component of Oracle Retail Applications (subcomponent: User Interface). | 7.1 |
2017-10-19 | CVE-2017-10065 | Unspecified vulnerability in Oracle Retail Point-Of-Service Vulnerability in the Oracle Retail Point-of-Service component of Oracle Retail Applications (subcomponent: Security). | 8.5 |
2017-10-04 | CVE-2017-12617 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. | 8.1 |