Vulnerabilities > Oracle > Retail Point OF Service

DATE CVE VULNERABILITY TITLE RISK
2019-04-23 CVE-2019-2558 Unspecified vulnerability in Oracle Retail Point-Of-Service 13.4/14.0/14.1
Vulnerability in the Oracle Retail Point-of-Service component of Oracle Retail Applications (subcomponent: Infrastructure).
network
low complexity
oracle
7.3
2019-04-20 CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. 6.1
2018-05-24 CVE-2018-8013 Deserialization of Untrusted Data vulnerability in multiple products
In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class.
network
low complexity
apache debian canonical oracle CWE-502
critical
9.8
2018-05-11 CVE-2018-1258 Incorrect Authorization vulnerability in multiple products
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security.
8.8
2018-04-19 CVE-2018-2862 Unspecified vulnerability in Oracle Retail Point-Of-Service
Vulnerability in the Oracle Retail Point-of-Service component of Oracle Retail Applications (subcomponent: User Interface).
network
low complexity
oracle
7.1
2017-10-19 CVE-2017-10065 Unspecified vulnerability in Oracle Retail Point-Of-Service
Vulnerability in the Oracle Retail Point-of-Service component of Oracle Retail Applications (subcomponent: Security).
network
low complexity
oracle
8.5
2017-10-04 CVE-2017-12617 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g.
network
high complexity
apache canonical oracle debian netapp redhat CWE-434
8.1