Vulnerabilities > Oracle > Retail Xstore Point OF Service
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-01 | CVE-2022-22963 | Expression Language Injection vulnerability in multiple products In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources. | 9.8 |
2022-04-01 | CVE-2022-22965 | Code Injection vulnerability in multiple products A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. | 9.8 |
2022-02-01 | CVE-2021-43859 | Resource Exhaustion vulnerability in multiple products XStream is an open source java library to serialize objects to XML and back again. | 7.5 |
2021-12-28 | CVE-2021-44832 | Improper Input Validation vulnerability in multiple products Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. | 6.6 |
2021-08-23 | CVE-2021-39140 | XStream is a simple library to serialize objects to XML and back again. | 6.3 |
2021-08-23 | CVE-2021-39150 | XStream is a simple library to serialize objects to XML and back again. | 8.5 |
2021-08-23 | CVE-2021-39152 | XStream is a simple library to serialize objects to XML and back again. | 8.5 |
2021-08-23 | CVE-2021-39139 | XStream is a simple library to serialize objects to XML and back again. | 8.8 |
2021-08-23 | CVE-2021-39141 | XStream is a simple library to serialize objects to XML and back again. | 8.5 |
2021-08-23 | CVE-2021-39144 | Deserialization of Untrusted Data vulnerability in multiple products XStream is a simple library to serialize objects to XML and back again. | 8.5 |