Vulnerabilities > Oracle > Retail Xstore Point OF Service > High

DATE CVE VULNERABILITY TITLE RISK
2021-08-23 CVE-2021-39149 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
XStream is a simple library to serialize objects to XML and back again.
network
high complexity
xstream fedoraproject debian netapp oracle CWE-434
8.5
2021-08-23 CVE-2021-39151 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
XStream is a simple library to serialize objects to XML and back again.
network
high complexity
xstream fedoraproject debian netapp oracle CWE-434
8.5
2021-08-23 CVE-2021-39154 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
XStream is a simple library to serialize objects to XML and back again.
network
high complexity
xstream fedoraproject debian netapp oracle CWE-434
8.5
2021-05-28 CVE-2021-29505 Deserialization of Untrusted Data vulnerability in multiple products
XStream is software for serializing Java objects to XML and back again.
network
low complexity
xstream debian fedoraproject netapp oracle CWE-502
8.8
2021-03-23 CVE-2021-21349 Deserialization of Untrusted Data vulnerability in multiple products
XStream is a Java library to serialize objects to XML and back again.
8.6
2021-03-23 CVE-2021-21348 Resource Exhaustion vulnerability in multiple products
XStream is a Java library to serialize objects to XML and back again.
7.5
2021-03-23 CVE-2021-21343 External Control of File Name or Path vulnerability in multiple products
XStream is a Java library to serialize objects to XML and back again.
7.5
2021-03-23 CVE-2021-21341 Deserialization of Untrusted Data vulnerability in multiple products
XStream is a Java library to serialize objects to XML and back again.
7.5
2021-01-07 CVE-2020-36183 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.
network
high complexity
fasterxml netapp debian oracle CWE-502
8.1
2021-01-07 CVE-2020-36182 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.
network
high complexity
fasterxml netapp debian oracle CWE-502
8.1