Oracle Retail_xstore_point_of_service
14 CVEs affecting Oracle Retail_xstore_point_of_service. Latest disclosed: 2021-12-28. Critical: 1, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2020-9546 | Critical | 9.8 | 2020-03-02 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zax… |
| CVE-2020-11113 | High | 8.8 | 2020-03-31 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistr… |
| CVE-2020-11112 | High | 8.8 | 2020-03-31 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provide… |
| CVE-2017-10214 | High | 8.2 | 2017-08-08 | Vulnerability in the Oracle Retail Xstore Point of Service component of Oracle Retail Applications (subcomponent: Xstore Office). Supported versions that are a… |
| CVE-2020-36183 | High | 8.1 | 2021-01-07 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib… |
| CVE-2020-35728 | High | 8.1 | 2020-12-27 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache… |
| CVE-2020-11619 | High | 8.1 | 2020-04-07 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.M… |
| CVE-2017-9735 | High | 7.5 | 2017-06-16 | Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elaps… |
| CVE-2021-44832 | Medium | 6.6 | 2021-12-28 | Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when… |
| CVE-2017-10427 | Medium | 6.5 | 2017-10-19 | Vulnerability in the Oracle Retail Xstore Point of Service component of Oracle Retail Applications (subcomponent: Point of Sale). Supported versions that are a… |
| CVE-2017-10183 | Medium | 6.5 | 2017-08-08 | Vulnerability in the Oracle Retail Xstore Point of Service component of Oracle Retail Applications (subcomponent: Point of Sale). Supported versions that are a… |
| CVE-2017-15707 | Medium | 6.2 | 2017-12-01 | In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious reques… |
| CVE-2016-3429 | Medium | 4.5 | 2016-04-21 | Unspecified vulnerability in the Oracle Retail Xstore Point of Service component in Oracle Retail Applications 5.0, 5.5, 6.0, 6.5, 7.0, and 7.1 allows remote a… |
| CVE-2020-9488 | Low | 3.7 | 2020-04-27 | Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-mid… |