Oracle

Communications Unified Inventory Management

72 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2021-39139

  • EPSS 0.84%
  • Veröffentlicht 23.08.2021 18:15:10
  • Zuletzt bearbeitet 23.05.2025 16:52:49

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. A user ...

5.5

CVE-2021-36374

  • EPSS 0.15%
  • Veröffentlicht 14.07.2021 07:15:08
  • Zuletzt bearbeitet 21.11.2024 06:13:38

When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. ...

5.5

CVE-2021-36373

  • EPSS 0.11%
  • Veröffentlicht 14.07.2021 07:15:08
  • Zuletzt bearbeitet 21.11.2024 06:13:37

When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prio...

7.5

CVE-2021-36090

  • EPSS 0.8%
  • Veröffentlicht 13.07.2021 08:15:07
  • Zuletzt bearbeitet 21.11.2024 06:13:08

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services th...

8.8

CVE-2021-29505

  • EPSS 90.35%
  • Veröffentlicht 28.05.2021 21:15:08
  • Zuletzt bearbeitet 30.05.2025 00:15:20

XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input str...

7.8

CVE-2021-22118

  • EPSS 0.19%
  • Veröffentlicht 27.05.2021 15:15:07
  • Zuletzt bearbeitet 21.11.2024 05:49:32

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or ...

9.1

CVE-2021-21351

Exploit
  • EPSS 91.27%
  • Veröffentlicht 23.03.2021 00:15:13
  • Zuletzt bearbeitet 23.05.2025 17:34:20

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed inpu...

9.8

CVE-2021-21350

Exploit
  • EPSS 8.24%
  • Veröffentlicht 23.03.2021 00:15:13
  • Zuletzt bearbeitet 23.05.2025 17:43:08

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is a...

8.6

CVE-2021-21349

Exploit
  • EPSS 5.91%
  • Veröffentlicht 23.03.2021 00:15:13
  • Zuletzt bearbeitet 23.05.2025 17:42:48

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipul...

7.8

CVE-2021-21348

  • EPSS 0.2%
  • Veröffentlicht 23.03.2021 00:15:13
  • Zuletzt bearbeitet 23.05.2025 17:42:08

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is aff...