Vulnerabilities > Oracle > Retail Xstore Point OF Service > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-12-28 CVE-2021-44832 Improper Input Validation vulnerability in multiple products
Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server.
network
high complexity
apache oracle cisco fedoraproject debian CWE-20
6.6
2021-08-23 CVE-2021-39140 XStream is a simple library to serialize objects to XML and back again. 6.3
2021-07-14 CVE-2021-36373 When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs.
local
low complexity
apache oracle
5.5
2021-07-14 CVE-2021-36374 When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs.
local
low complexity
apache oracle
5.5
2021-04-13 CVE-2021-29425 Path Traversal vulnerability in multiple products
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.
network
high complexity
apache debian oracle netapp CWE-22
4.8
2021-03-19 CVE-2021-27906 A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file.
local
low complexity
apache fedoraproject oracle
5.5
2021-03-19 CVE-2021-27807 Excessive Iteration vulnerability in multiple products
A carefully crafted PDF file can trigger an infinite loop while loading the file.
local
low complexity
apache fedoraproject oracle CWE-834
5.5
2020-09-19 CVE-2020-5421 In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
network
high complexity
vmware oracle netapp
6.5
2020-05-14 CVE-2020-1945 Exposure of Resource to Wrong Sphere vulnerability in multiple products
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information.
6.3
2019-11-08 CVE-2019-10219 A vulnerability was found in Hibernate-Validator.
network
low complexity
redhat netapp oracle
6.1