Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
retail point-of-service vulnerabilities and exploits
(subscribe to this query)
6
CVSSv2
CVE-2018-3126
Vulnerability in the Oracle Retail Xstore Point of Service component of Oracle Retail Applications (subcomponent: Xenvironment). Supported versions that are affected are 15.0.2, 16.0.4 and 17.0.2. Difficult to exploit vulnerability allows high privileged attacker with network acc...
Oracle Retail Xstore Point Of Service 16.0.4
Oracle Retail Xstore Point Of Service 15.0.2
Oracle Retail Xstore Point Of Service 17.0.2
7.5
CVSSv2
CVE-2019-0219
A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI.
Apache Cordova Inappbrowser
Oracle Instantis Enterprisetrack 17.1
Oracle Instantis Enterprisetrack 17.2
Oracle Instantis Enterprisetrack 17.3
Oracle Retail Xstore Point Of Service 16.0.6
Oracle Retail Xstore Point Of Service 17.0.4
Oracle Retail Xstore Point Of Service 18.0.3
Oracle Retail Xstore Point Of Service 19.0.2
9.3
CVSSv2
CVE-2020-8174
napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.
Nodejs Node.js
Oracle Banking Extensibility Workbench 14.4.0
Oracle Banking Extensibility Workbench 14.3.0
Oracle Retail Xstore Point Of Service 16.0.6
Oracle Retail Xstore Point Of Service 17.0.4
Oracle Retail Xstore Point Of Service 18.0.3
Oracle Retail Xstore Point Of Service 19.0.2
Oracle Retail Xstore Point Of Service 20.0.1
Oracle Mysql Cluster
Oracle Blockchain Platform
Netapp Snapcenter -
Netapp Oncommand Workflow Automation -
Netapp Oncommand Insight -
Netapp Active Iq Unified Manager -
1 Github repository
5
CVSSv2
CVE-2020-8277
A Node.js application that allows an malicious user to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. ...
Nodejs Node.js
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Oracle Graalvm 19.3.4
Oracle Graalvm 20.3.0
Oracle Retail Xstore Point Of Service 16.0.6
Oracle Retail Xstore Point Of Service 17.0.4
Oracle Retail Xstore Point Of Service 18.0.3
Oracle Retail Xstore Point Of Service 19.0.2
Oracle Jd Edwards Enterpriseone Tools
Oracle Mysql Cluster
Oracle Blockchain Platform
C-ares Project C-ares
2 Github repositories
5
CVSSv2
CVE-2021-43859
XStream is an open source java library to serialize objects to XML and back again. Versions before 1.4.19 may allow a remote malicious user to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of servic...
Xstream Project Xstream
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Debian Debian Linux 9.0
Oracle Flexcube Private Banking 12.1.0
Oracle Commerce Guided Search 11.3.2
Oracle Retail Xstore Point Of Service 16.0.6
Oracle Retail Xstore Point Of Service 17.0.4
Oracle Retail Xstore Point Of Service 18.0.3
Oracle Retail Xstore Point Of Service 19.0.2
Oracle Retail Xstore Point Of Service 20.0.1
Oracle Communications Cloud Native Core Automated Test Suite 1.9.0
Oracle Communications Policy Management 12.6.0.0.0
Oracle Communications Diameter Intelligence Hub
Oracle Communications Brm - Elastic Charging Engine 12.0.0.5.0
Oracle Communications Brm - Elastic Charging Engine
5
CVSSv2
CVE-2019-5427
c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.
Mchange C3p0
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Oracle Retail Xstore Point Of Service 15.0
Oracle Flexcube Private Banking 12.1.0
Oracle Flexcube Private Banking 12.0.0
Oracle Webcenter Sites 12.2.1.3.0
Oracle Retail Xstore Point Of Service 16.0
Oracle Webcenter Sites 12.2.1.4.0
Oracle Retail Xstore Point Of Service 17.0
Oracle Retail Xstore Point Of Service 18.0
Oracle Retail Xstore Point Of Service 19.0
Oracle Communications Ip Service Activator 7.4.0
Oracle Communications Ip Service Activator 7.3.0
Oracle Hyperion Infrastructure Technology 11.1.2.4
Oracle Enterprise Manager Ops Center 12.4.0.0
Oracle Communications Session Route Manager
Oracle Enterprise Manager Base Platform 13.2.1.0
Oracle Documaker
5
CVSSv2
CVE-2017-9735
Jetty up to and including 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote malicious users to obtain access by observing elapsed times before rejection of incorrect passwords.
Eclipse Jetty
Debian Debian Linux 9.0
Oracle Retail Xstore Point Of Service 15.0
Oracle Retail Xstore Point Of Service 7.1
Oracle Hospitality Guest Access 4.2.0
Oracle Hospitality Guest Access 4.2.1
Oracle Retail Xstore Point Of Service 16.0
Oracle Enterprise Manager Base Platform 13.3
Oracle Enterprise Manager Base Platform 13.2
Oracle Retail Xstore Point Of Service 17.0
Oracle Rest Data Services 12.2.0.1
Oracle Rest Data Services 12.1.0.2
Oracle Rest Data Services 11.2.0.4
Oracle Rest Data Services 18c
Oracle Communications Cloud Native Core Policy 1.5.0
5
CVSSv2
CVE-2017-15707
In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload.
Apache Struts
Netapp Oncommand Balance -
Oracle Retail Xstore Point Of Service 7.1.6
Oracle Retail Xstore Point Of Service 15.0.1
Oracle Retail Xstore Point Of Service 16.0.2
Oracle Jd Edwards Enterpriseone Tools 9.2
Oracle Weblogic Server 12.2.1.3
Oracle Enterprise Manager For Virtualization 13.2.3
Oracle Agile Plm Framework 9.3.6
Oracle Retail Xstore Point Of Service 6.5.11
Oracle Webcenter Portal 12.2.1.3.0
Oracle Global Lifecycle Management Opatchauto
Oracle Financial Services Hedge Management And Ifrs Valuations 8.0.4
Oracle Financial Services Hedge Management And Ifrs Valuations 8.0.5
Oracle Financial Services Market Risk Measurement And Management 8.0.5
Oracle Weblogic Server 12.2.1.2
Oracle Enterprise Manager For Virtualization 13.2.2
Oracle Retail Order Broker 5.2
Oracle Retail Xstore Point Of Service 7.0.6
Oracle Webcenter Portal 12.2.1.2.0
4.3
CVSSv2
CVE-2019-3739
RSA BSAFE Crypto-J versions before 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys.
Dell Bsafe Ssl-j
Dell Bsafe Crypto-j
Dell Bsafe Cert-j
Oracle Retail Service Backbone 14.1
Oracle Retail Integration Bus 14.1
Oracle Retail Service Backbone 15.0
Oracle Retail Integration Bus 15.0
Oracle Weblogic Server 10.3.6.0.0
Oracle Weblogic Server 12.2.1.3.0
Oracle Retail Integration Bus 16.0
Oracle Retail Xstore Point Of Service 17.0.3
Oracle Weblogic Server 12.2.1.4.0
Oracle Application Performance Management 13.3.0.0
Oracle Weblogic Server 14.1.1.0.0
Oracle Database 12.1.0.2
Oracle Database 12.2.0.1
Oracle Database 18c
Oracle Database 19c
Oracle Retail Assortment Planning 15.0.3.0
Oracle Retail Predictive Application Server 14.1.3.0
Oracle Retail Predictive Application Server 15.0.3.0
Oracle Retail Assortment Planning 16.0.3.0
5
CVSSv2
CVE-2019-0190
A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSS...
Apache Http Server 2.4.37
Oracle Retail Xstore Point Of Service 7.1
Oracle Retail Xstore Point Of Service 7.0
Oracle Hospitality Guest Access 4.2.0
Oracle Hospitality Guest Access 4.2.1
Oracle Enterprise Manager Ops Center 12.3.3
Oracle Instantis Enterprisetrack 17.1
Oracle Instantis Enterprisetrack 17.2
Oracle Instantis Enterprisetrack 17.3
2 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27975
CVE-2024-2961
CVE-2024-20380
XML injection
HTML injection
CVE-2024-29204
CVE-2023-51795
memory leak
CVE-2024-3470
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »