Oracle

Communications Unified Inventory Management

72 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2021-21347

Exploit
  • EPSS 2.89%
  • Veröffentlicht 23.03.2021 00:15:13
  • Zuletzt bearbeitet 23.05.2025 17:41:49

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processe...

9.1

CVE-2021-21342

Exploit
  • EPSS 1.02%
  • Veröffentlicht 23.03.2021 00:15:12
  • Zuletzt bearbeitet 23.05.2025 17:39:23

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStr...

9.8

CVE-2021-21346

Exploit
  • EPSS 3.97%
  • Veröffentlicht 23.03.2021 00:15:12
  • Zuletzt bearbeitet 23.05.2025 17:41:29

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processe...

9.9

CVE-2021-21345

Exploit
  • EPSS 87.08%
  • Veröffentlicht 23.03.2021 00:15:12
  • Zuletzt bearbeitet 23.05.2025 17:41:10

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the proc...

9.8

CVE-2021-21344

Exploit
  • EPSS 28.06%
  • Veröffentlicht 23.03.2021 00:15:12
  • Zuletzt bearbeitet 23.05.2025 17:40:53

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processe...

7.5

CVE-2021-21343

Exploit
  • EPSS 0.69%
  • Veröffentlicht 23.03.2021 00:15:12
  • Zuletzt bearbeitet 23.05.2025 17:40:13

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStr...

7.5

CVE-2021-21341

Exploit
  • EPSS 23.43%
  • Veröffentlicht 23.03.2021 00:15:12
  • Zuletzt bearbeitet 23.05.2025 17:38:30

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel executio...

9

CVE-2021-22112

  • EPSS 0.98%
  • Veröffentlicht 23.02.2021 19:15:13
  • Zuletzt bearbeitet 21.11.2024 05:49:31

Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause th...

8.1

CVE-2020-36183

Exploit
  • EPSS 2.06%
  • Veröffentlicht 07.01.2021 00:15:15
  • Zuletzt bearbeitet 21.11.2024 05:28:55

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.

8.1

CVE-2020-36182

Exploit
  • EPSS 2.72%
  • Veröffentlicht 07.01.2021 00:15:14
  • Zuletzt bearbeitet 21.11.2024 05:28:55

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.