Oracle

Communications Unified Inventory Management

72 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2021-21347

Exploit
  • EPSS 2.63%
  • Published 23.03.2021 00:15:13
  • Last modified 23.05.2025 17:41:49

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processe...

9.1

CVE-2021-21342

Exploit
  • EPSS 1.02%
  • Published 23.03.2021 00:15:12
  • Last modified 23.05.2025 17:39:23

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStr...

9.8

CVE-2021-21346

Exploit
  • EPSS 3.97%
  • Published 23.03.2021 00:15:12
  • Last modified 23.05.2025 17:41:29

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processe...

9.9

CVE-2021-21345

Exploit
  • EPSS 86.96%
  • Published 23.03.2021 00:15:12
  • Last modified 23.05.2025 17:41:10

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the proc...

9.8

CVE-2021-21344

Exploit
  • EPSS 28.06%
  • Published 23.03.2021 00:15:12
  • Last modified 23.05.2025 17:40:53

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processe...

7.5

CVE-2021-21343

Exploit
  • EPSS 0.62%
  • Published 23.03.2021 00:15:12
  • Last modified 23.05.2025 17:40:13

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStr...

7.5

CVE-2021-21341

Exploit
  • EPSS 23.43%
  • Published 23.03.2021 00:15:12
  • Last modified 23.05.2025 17:38:30

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel executio...

9

CVE-2021-22112

  • EPSS 0.98%
  • Published 23.02.2021 19:15:13
  • Last modified 21.11.2024 05:49:31

Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause th...

8.1

CVE-2020-36183

Exploit
  • EPSS 2.72%
  • Published 07.01.2021 00:15:15
  • Last modified 21.11.2024 05:28:55

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.

8.1

CVE-2020-36182

Exploit
  • EPSS 2.51%
  • Published 07.01.2021 00:15:14
  • Last modified 21.11.2024 05:28:55

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.