Oracle

Commerce Guided Search

52 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.5

CVE-2021-39146

  • EPSS 44.88%
  • Veröffentlicht 23.08.2021 18:15:12
  • Zuletzt bearbeitet 23.05.2025 16:48:45

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user...

8.5

CVE-2021-39145

  • EPSS 0.59%
  • Veröffentlicht 23.08.2021 18:15:12
  • Zuletzt bearbeitet 23.05.2025 16:52:04

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user...

8.5

CVE-2021-39144

Warnung Exploit
  • EPSS 94.41%
  • Veröffentlicht 23.08.2021 18:15:12
  • Zuletzt bearbeitet 23.05.2025 16:49:25

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user...

8.5

CVE-2021-39141

Exploit
  • EPSS 81.84%
  • Veröffentlicht 23.08.2021 18:15:12
  • Zuletzt bearbeitet 23.05.2025 16:52:36

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user...

8.8

CVE-2021-39139

  • EPSS 0.8%
  • Veröffentlicht 23.08.2021 18:15:10
  • Zuletzt bearbeitet 23.05.2025 16:52:49

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. A user ...

5.4

CVE-2021-37695

  • EPSS 0.4%
  • Veröffentlicht 13.08.2021 00:15:07
  • Zuletzt bearbeitet 21.11.2024 06:15:43

ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Fake Objects](https://ckeditor.com/cke4/addon/fakeobjects) package. The vulnerability allowed to inject malformed F...

5.4

CVE-2021-32809

  • EPSS 0.21%
  • Veröffentlicht 12.08.2021 17:15:08
  • Zuletzt bearbeitet 21.11.2024 06:07:47

ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Clipboard](https://ckeditor.com/cke4/addon/clipboard) package. The vulnerability allowed to abuse paste functionali...

5.4

CVE-2021-32808

  • EPSS 1.22%
  • Veröffentlicht 12.08.2021 17:15:08
  • Zuletzt bearbeitet 21.11.2024 06:07:47

ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malform...

4

CVE-2021-2348

  • EPSS 0.2%
  • Veröffentlicht 21.07.2021 15:15:20
  • Zuletzt bearbeitet 21.11.2024 06:02:56

Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager product of Oracle Commerce (component: Tools and Frameworks). The supported version that is affected is 11.3.1.5. Easily exploitable vulnerability allows low priv...

4.9

CVE-2021-2346

  • EPSS 0.19%
  • Veröffentlicht 21.07.2021 15:15:19
  • Zuletzt bearbeitet 21.11.2024 06:02:55

Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager product of Oracle Commerce (component: Tools and Frameworks). The supported version that is affected is 11.3.1.5. Easily exploitable vulnerability allows low priv...