Latest oracle retail xstore point of service Vulnerabilities

CVE-2022-22965
Spring Framework JDK 9+ Remote Code Execution Vulnerability
VMware Spring Framework
VMware Spring Framework<5.2.20
VMware Spring Framework>=5.3.0<5.3.18
Cisco CX Cloud Agent<2.1.0
Oracle Communications Cloud Native Core Automated Test Suite=1.9.0
Oracle Communications Cloud Native Core Automated Test Suite=22.1.0
and 84 more
CVE-2022-22963
VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability
VMware Tanzu Spring Cloud
Vmware Spring Cloud Function<=3.1.6
Vmware Spring Cloud Function>=3.2.0<=3.2.2
Oracle Banking Branch=14.5
Oracle Banking Cash Management=14.5
Oracle Banking Corporate Lending Process Management=14.5
and 42 more
CVE-2021-43859
XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU ...
redhat/jenkins<0:2.319.3.1650348949-1.el7
redhat/xstream<1.4.19
Xstream Project Xstream<1.4.19
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Debian Debian Linux=9.0
and 13 more
CVE-2021-44832
Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appe...
redhat/eap7-log4j<0:2.17.1-1.redhat_00001.1.el8ea
redhat/eap7-log4j<0:2.17.1-1.redhat_00001.1.el7ea
Apache Log4j=2.0-beta9
Apache Log4j=2.15.0
Apache Log4j=2.17.0
Apache Log4j=1.2.x
and 58 more
CVE-2021-39150
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicl...
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Fedoraproject Fedora=33
Fedoraproject Fedora=34
and 33 more
CVE-2021-39141
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only b...
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 33 more
CVE-2021-39144
XStream Remote Code Execution Vulnerability
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
XStream XStream
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Debian Debian Linux=9.0
and 34 more
CVE-2021-39151
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only b...
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Fedoraproject Fedora=33
Fedoraproject Fedora=34
and 33 more
CVE-2021-39152
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicl...
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Fedoraproject Fedora=33
Fedoraproject Fedora=34
and 33 more
CVE-2021-39140
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on ...
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 33 more
CVE-2021-39145
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only b...
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 33 more
CVE-2021-39154
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only b...
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Fedoraproject Fedora=33
Fedoraproject Fedora=34
and 33 more
CVE-2021-39146
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only b...
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Fedoraproject Fedora=33
Fedoraproject Fedora=34
and 33 more
CVE-2021-39148
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only b...
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Fedoraproject Fedora=33
Fedoraproject Fedora=34
and 33 more
CVE-2021-39147
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only b...
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Fedoraproject Fedora=33
Fedoraproject Fedora=34
and 33 more
CVE-2021-39149
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only b...
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Fedoraproject Fedora=33
Fedoraproject Fedora=34
and 33 more
CVE-2021-39139
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only b...
redhat/xstream<0:1.3.1-16.el7_9
debian/libxstream-java
redhat/xstream<1.4.18
Xstream Project Xstream<1.4.18
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 33 more
CVE-2021-2351
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unau...
Oracle Advanced Networking Option=12.1.0.2
Oracle Advanced Networking Option=12.2.0.1
Oracle Advanced Networking Option=19c
Oracle Agile Engineering Data Management=6.2.1.0
Oracle Agile PLM=9.3.6
Oracle Agile Product Lifecycle Management for Process=6.2.2.0
and 242 more
CVE-2021-36374
Apache Ant is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By persuading a victim to open a specially-crafted ZIP archive, a remote a...
maven/org.apache.ant:ant>=1.9.0<1.9.16
maven/org.apache.ant:ant>=1.10.0<1.10.11
Apache Ant>=1.9.0<1.9.16
Apache Ant>=1.10.0<1.10.11
Oracle Agile Engineering Data Management=6.2.1.0
Oracle Agile PLM=9.3.6
and 75 more
CVE-2021-36373
Apache Ant is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By persuading a victim to open a specially-crafted TAR archive, a remote a...
redhat/Apache Ant<1.9.16
redhat/Ant<1.10.11
Apache Ant>=1.9.0<1.9.16
Apache Ant>=1.10.0<1.10.11
Oracle Agile PLM=9.3.6
Oracle Banking Trade Finance=14.5
and 69 more
CVE-2021-29505
XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficient rights to execute commands of the...
redhat/xstream<0:1.3.1-14.el7_9
debian/libxstream-java
redhat/xstream<1.4.17
Xstream Project Xstream<1.4.17
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 37 more
CVE-2021-29425
Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the FileNameUtils.normalize method. An attacker could send a specially-cra...
redhat/eap7-apache-commons-io<0:2.10.0-1.redhat_00001.1.el6ea
redhat/eap7-hal-console<0:3.2.16-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate<0:5.3.20-4.SP2_redhat_00001.1.el6ea
redhat/eap7-ironjacamar<0:1.4.35-1.Final_redhat_00001.1.el6ea
redhat/eap7-jakarta-el<0:3.0.3-2.redhat_00006.1.el6ea
redhat/eap7-jberet<0:1.3.9-1.Final_redhat_00001.1.el6ea
and 185 more
CVE-2021-27906
A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.
redhat/pdfbox<2.0.23
Apache PDFBox>=2.0.0<=2.0.22
Fedoraproject Fedora=32
Fedoraproject Fedora=33
Fedoraproject Fedora=34
Oracle Banking Corporate Lending Process Management=14.2.0
and 37 more
CVE-2021-27807
A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.
redhat/pdfbox<2.0.23
Apache PDFBox>=2.0.0<=2.0.22
Fedoraproject Fedora=32
Fedoraproject Fedora=33
Fedoraproject Fedora=34
Oracle Banking Trade Finance Process Management=14.2.0
and 26 more
CVE-2021-21351
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a r...
debian/libxstream-java
redhat/xstream<1.4.16
Xstream Project Xstream<1.4.16
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
and 30 more
CVE-2021-21343
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type informat...
debian/libxstream-java
redhat/xstream<1.4.16
Xstream Project Xstream<1.4.16
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
and 29 more
CVE-2021-21346
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code fr...
redhat/xstream<0:1.3.1-13.el7_9
debian/libxstream-java
redhat/xstream<1.4.16
Xstream Project Xstream<1.4.16
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 33 more
CVE-2021-21347
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code fr...
redhat/xstream<0:1.3.1-13.el7_9
debian/libxstream-java
redhat/xstream<1.4.16
Xstream Project Xstream<1.4.16
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 34 more
CVE-2021-21345
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute ...
redhat/xstream<0:1.3.1-13.el7_9
debian/libxstream-java
redhat/xstream<1.4.16
Xstream Project Xstream<1.4.16
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 32 more
CVE-2021-21342
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type informat...
Xstream Project Xstream<1.4.16
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Fedoraproject Fedora=33
Fedoraproject Fedora=34
and 28 more
CVE-2021-21349
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resourc...
debian/libxstream-java
redhat/xstream<1.4.16
Xstream Project Xstream<1.4.16
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
and 33 more
CVE-2021-21344
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code fr...
redhat/xstream<0:1.3.1-13.el7_9
debian/libxstream-java
redhat/xstream<1.4.16
Xstream Project Xstream<1.4.16
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 32 more
CVE-2021-21348
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maxi...
debian/libxstream-java
redhat/xstream<1.4.16
Xstream Project Xstream<1.4.16
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
and 30 more
CVE-2021-21341
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target...
debian/libxstream-java
redhat/xstream<1.4.16
Xstream Project Xstream<1.4.16
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
and 25 more
CVE-2021-21350
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by man...
redhat/xstream<0:1.3.1-13.el7_9
debian/libxstream-java
redhat/xstream<1.4.16
Xstream Project Xstream<1.4.16
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 34 more
CVE-2020-36179
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.6.7.5
maven/com.fasterxml.jackson.core:jackson-databind>=2.7.0<2.9.10.8
redhat/jackson-databind<2.9.10.8
Netapp Cloud Backup
NetApp Service Level Manager
Debian Debian Linux=9.0
and 65 more
CVE-2020-36181
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.6.7.5
maven/com.fasterxml.jackson.core:jackson-databind>=2.7.0<2.9.10.8
redhat/jackson-databind<2.9.10.8
NetApp Service Level Manager
Debian Debian Linux=9.0
Oracle Agile PLM=9.3.6
and 71 more
CVE-2020-36183
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.6.7.5
maven/com.fasterxml.jackson.core:jackson-databind>=2.7.00<2.9.10.8
redhat/jackson-databind<2.9.10.8
FasterXML jackson-databind>=2.0.0.<2.6.7.5
FasterXML jackson-databind>=2.7.0<2.9.10.8
Netapp Cloud Backup
and 72 more
CVE-2020-36180
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.6.7.5
maven/com.fasterxml.jackson.core:jackson-databind>=2.7.0<2.9.10.8
redhat/jackson-databind<2.9.10.8
Netapp Cloud Backup
NetApp Service Level Manager
Debian Debian Linux=9.0
and 72 more
CVE-2020-36182
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.6.7.5
maven/com.fasterxml.jackson.core:jackson-databind>=2.7.0<2.9.10.8
redhat/jackson-databind<2.9.10.8
FasterXML jackson-databind>=2.0.0<2.6.7.5
FasterXML jackson-databind>=2.7.0<2.9.10.8
Netapp Cloud Backup
and 72 more
CVE-2020-36185
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.9.10.8
redhat/jackson-databind<2.9.10.8
FasterXML jackson-databind>=2.0.0<2.6.7.5
FasterXML jackson-databind>=2.7.0<2.9.10.8
Netapp Cloud Backup
NetApp Service Level Manager
and 71 more
CVE-2020-36184
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.9.10.8
redhat/jackson-databind<2.9.10.8
Netapp Cloud Backup
NetApp Service Level Manager
Debian Debian Linux=9.0
Oracle Agile PLM=9.3.6
and 71 more
CVE-2020-35728
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka em...
IBM Disconnected Log Collector<=v1.0 - v1.8.2
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<=2.9.10.7
redhat/jackson-databind<2.9.10.8
FasterXML jackson-databind>=2.9.0<2.9.10.8
Debian Debian Linux=9.0
NetApp Service Level Manager
and 62 more
CVE-2020-36188
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.6.7.5
maven/com.fasterxml.jackson.core:jackson-databind>=2.7.0<2.9.10.8
IBM Disconnected Log Collector<=v1.0 - v1.8.2
redhat/jackson-databind<2.9.10.8
FasterXML jackson-databind>=2.0.0<2.6.7.5
FasterXML jackson-databind>=2.7.0<2.9.10.8
and 73 more
CVE-2020-36189
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind<2.6.7.5
maven/com.fasterxml.jackson.core:jackson-databind>=2.7.0<2.9.10.8
IBM Disconnected Log Collector<=v1.0 - v1.8.2
redhat/jackson-databind<2.9.10.8
FasterXML jackson-databind>=2.0.0<2.6.7.5
FasterXML jackson-databind>=2.7.0<2.9.10.8
and 65 more
CVE-2020-36186
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.9.10.8
redhat/jackson-databind<2.9.10.8
FasterXML jackson-databind>=2.0.0<2.6.7.5
FasterXML jackson-databind>=2.7.0<2.9.10.8
Netapp Cloud Backup
NetApp Service Level Manager
and 71 more
CVE-2020-36187
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.9.10.8
redhat/jackson-databind<2.9.10.8
FasterXML jackson-databind>=2.0.0<2.6.7.5
FasterXML jackson-databind>=2.7.0<2.9.10.8
Netapp Cloud Backup
NetApp Service Level Manager
and 71 more
CVE-2020-35490
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
IBM Security Verify Governance<=10.0
redhat/jackson-databind<2.9.10.8
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<=2.9.10.7
FasterXML jackson-databind>=2.0.0<2.9.10.8
NetApp Service Level Manager
Debian Debian Linux=9.0
and 35 more
CVE-2020-35491
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity...
IBM Security Verify Governance<=10.0
redhat/jackson-databind<2.9.10.8
FasterXML jackson-databind>=2.0.0<2.9.10.8
NetApp Service Level Manager
Debian Debian Linux=9.0
Oracle Agile PLM=9.3.6
and 35 more
CVE-2020-26217
XStream could allow a remote attacker to execute arbitrary code on the system, caused by flaws in the XStream.java and SecurityVulnerabilityTest.java scripts. By manipulating the processed input strea...
redhat/xstream<0:1.3.1-12.el7_9
debian/libxstream-java
IBM RDNG<=6.0.2
IBM DOORS Next<=7.0
IBM DOORS Next<=7.0.1
IBM DOORS Next<=7.0.2
and 56 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203