Oracle retail xstore point of service
This hub aggregates every CVE we track for Oracle retail xstore point of service, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 13
- Critical: 1
- High: 3
- In CISA KEV: 1
Severity distribution
MEDIUM 9, HIGH 3, CRITICAL 1
Monthly trend, 2024-08 to 2026-07: 0 for every month shown.
Latest CVEs
The 13 most recently published vulnerabilities affecting Oracle retail xstore point of service.
- CVE-2021-39144: XStream is vulnerable to a Remote Command Execution attack (KEV; 8.5)
- CVE-2021-21348: XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos) (5.3)
- CVE-2021-21349: A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host (6.1)
- CVE-2021-21350: XStream is vulnerable to an Arbitrary Code Execution attack (5.3)
- CVE-2021-21351: XStream is vulnerable to an Arbitrary Code Execution attack (5.4)
- CVE-2021-21342: A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host (5.3)
- CVE-2021-21344: XStream is vulnerable to an Arbitrary Code Execution attack (5.3)
- CVE-2021-21345: XStream is vulnerable to a Remote Command Execution attack (5.8)
- CVE-2021-21346: XStream is vulnerable to an Arbitrary Code Execution attack (6.1)
- CVE-2021-21347: XStream is vulnerable to an Arbitrary Code Execution attack (6.1)
- CVE-2020-35491: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource. (8.1)
- CVE-2020-25649: A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from... (7.5)
- CVE-2017-7658: In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored t... (9.8)
Product normalization is registry-driven with AI assist and human review.