Retail Xstore Point OF Service

DATE	CVE	VULNERABILITY TITLE	RISK
2022-04-01	CVE-2022-22963	Expression Language Injection vulnerability in multiple products In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources. network low complexity vmware oracle CWE-917 critical	9.8
2022-04-01	CVE-2022-22965	Code Injection vulnerability in multiple products A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. network low complexity vmware cisco oracle siemens veritas CWE-94 critical	9.8
2022-02-01	CVE-2021-43859	Resource Exhaustion vulnerability in multiple products XStream is an open source java library to serialize objects to XML and back again. network low complexity xstream-project fedoraproject debian oracle CWE-400	7.5
2021-12-28	CVE-2021-44832	Improper Input Validation vulnerability in multiple products Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. network high complexity apache oracle cisco fedoraproject debian CWE-20	6.6
2021-08-23	CVE-2021-39140	Infinite Loop vulnerability in multiple products XStream is a simple library to serialize objects to XML and back again. network high complexity xstream-project debian fedoraproject netapp oracle CWE-835	6.3
2021-08-23	CVE-2021-39150	Deserialization of Untrusted Data vulnerability in multiple products XStream is a simple library to serialize objects to XML and back again. network high complexity xstream-project fedoraproject debian netapp oracle CWE-502	8.5
2021-08-23	CVE-2021-39152	Deserialization of Untrusted Data vulnerability in multiple products XStream is a simple library to serialize objects to XML and back again. network high complexity xstream-project fedoraproject debian netapp oracle CWE-502	8.5
2021-08-23	CVE-2021-39139	Unrestricted Upload of File with Dangerous Type vulnerability in multiple products XStream is a simple library to serialize objects to XML and back again. network low complexity xstream-project debian fedoraproject netapp oracle CWE-434	8.8
2021-08-23	CVE-2021-39141	Unrestricted Upload of File with Dangerous Type vulnerability in multiple products XStream is a simple library to serialize objects to XML and back again. network high complexity xstream-project debian fedoraproject netapp oracle CWE-434	8.5
2021-08-23	CVE-2021-39144	Deserialization of Untrusted Data vulnerability in multiple products XStream is a simple library to serialize objects to XML and back again. network high complexity xstream-project debian fedoraproject netapp oracle CWE-502	8.5