Vulnerabilities > Oracle > Retail Xstore Point OF Service > 18.0.3

DATE CVE VULNERABILITY TITLE RISK
2021-08-23 CVE-2021-39147 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
XStream is a simple library to serialize objects to XML and back again.
network
high complexity
xstream fedoraproject debian netapp oracle CWE-434
8.5
8.5
2021-08-23 CVE-2021-39148 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
XStream is a simple library to serialize objects to XML and back again.
network
high complexity
xstream fedoraproject debian netapp oracle CWE-434
8.5
8.5
2021-08-23 CVE-2021-39149 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
XStream is a simple library to serialize objects to XML and back again.
network
high complexity
xstream fedoraproject debian netapp oracle CWE-434
8.5
8.5
2021-08-23 CVE-2021-39151 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
XStream is a simple library to serialize objects to XML and back again.
network
high complexity
xstream fedoraproject debian netapp oracle CWE-434
8.5
8.5
2021-08-23 CVE-2021-39154 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
XStream is a simple library to serialize objects to XML and back again.
network
high complexity
xstream fedoraproject debian netapp oracle CWE-434
8.5
8.5
2021-07-14 CVE-2021-36373 When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs.
local
low complexity
apache oracle
5.5
5.5
2021-07-14 CVE-2021-36374 When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs.
local
low complexity
apache oracle
5.5
5.5
2021-05-28 CVE-2021-29505 Deserialization of Untrusted Data vulnerability in multiple products
XStream is software for serializing Java objects to XML and back again.
network
low complexity
xstream debian fedoraproject netapp oracle CWE-502
8.8
8.8
2021-04-13 CVE-2021-29425 Path Traversal vulnerability in multiple products
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.
network
high complexity
apache debian oracle netapp CWE-22
4.8
4.8
2021-03-23 CVE-2021-21351 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
XStream is a Java library to serialize objects to XML and back again.
network
low complexity
netapp apache xstream debian fedoraproject oracle CWE-434
critical
 9.1
9.1