Oracle » Commerce Guided Search (Seite 2)

7.5

CVE-2021-22946

Exploit

EPSS 0.07%
Veröffentlicht 29.09.2021 20:15:08
Zuletzt bearbeitet 21.11.2024 05:50:59

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This ...

7.5

CVE-2021-40690

EPSS 0.33%
Veröffentlicht 19.09.2021 18:15:07
Zuletzt bearbeitet 21.11.2024 06:24:34

All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacke...

8.5

CVE-2021-39152

Exploit

EPSS 67.83%
Veröffentlicht 23.08.2021 19:15:13
Zuletzt bearbeitet 23.05.2025 16:47:47

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed inp...

8.5

CVE-2021-39150

Exploit

EPSS 2.31%
Veröffentlicht 23.08.2021 19:15:12
Zuletzt bearbeitet 23.05.2025 16:48:02

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed inp...

6.3

CVE-2021-39140

Exploit

EPSS 0.12%
Veröffentlicht 23.08.2021 19:15:10
Zuletzt bearbeitet 23.05.2025 16:50:34

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload r...

8.5