oracle retail back office 14.0 vulnerabilities and exploits
5.4
CVSSv3
CVE-2017-10423
Vulnerability in the Oracle Retail Back Office component of Oracle Retail Applications (subcomponent: Security). Supported versions that are affected are 13.2, 13.3, 13.4, 14.0 and 14.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP ...
Oracle Retail Back Office 13.2
Oracle Retail Back Office 13.3
Oracle Retail Back Office 13.4
Oracle Retail Back Office 14.0
Oracle Retail Back Office 14.1
6.1
CVSSv3
CVE-2021-35043
OWASP AntiSamy prior to 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with `&#00058` as the replacement for the : character.
Antisamy Project Antisamy
Oracle Retail Back Office 14.0
Oracle Retail Back Office 14.1
Oracle Retail Central Office 14.0
Oracle Retail Central Office 14.1
Oracle Retail Returns Management 14.0
Oracle Retail Returns Management 14.1
Oracle Banking Enterprise Default Management 2.6.2
Oracle Banking Enterprise Default Management 2.7.0
Oracle Banking Enterprise Default Management 2.7.1
Oracle Banking Enterprise Default Management 2.10.0
Oracle Banking Enterprise Default Management 2.12.0
9.8
CVSSv3
CVE-2018-8013
In Apache Batik 1.x prior to 1.10, when deserializing a subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name and then uses it to call the no-arg constructor of that class. Fix was to check the class type before calling newInstance in deser...
Apache Batik
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 14.04
Oracle Business Intelligence 11.1.1.7.0
Oracle Business Intelligence 11.1.1.9.0
Oracle Business Intelligence 12.2.1.3.0
Oracle Business Intelligence 12.2.1.4.0
Oracle Communications Diameter Signaling Router
Oracle Communications Metasolv Solution 6.3.0
Oracle Communications Webrtc Session Controller
1 Article
5.9
CVSSv3
CVE-2018-1271
Spring Framework, versions 5.0 before 5.0.5 and versions 4.3 before 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to th...
Vmware Spring Framework
Oracle Application Testing Suite 12.5.0.3
Oracle Application Testing Suite 13.1.0.1
Oracle Application Testing Suite 13.2.0.1
Oracle Application Testing Suite 13.3.0.1
Oracle Big Data Discovery 1.6.0
Oracle Communications Converged Application Server
Oracle Communications Diameter Signaling Router
Oracle Communications Performance Intelligence Center
Oracle Communications Policy Management 12.5.0
Oracle Communications Services Gatekeeper
Oracle Enterprise Manager Ops Center 12.2.2
1 Github repository
8.8
CVSSv3
CVE-2018-1258
Spring Framework version 5.0.5, when used in combination with any version of Spring Security, contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
Pivotal Software Spring Security
Vmware Spring Framework 5.0.5
Oracle Agile Plm 9.3.3
Oracle Agile Plm 9.3.4
Oracle Agile Plm 9.3.5
Oracle Agile Plm 9.3.6
Oracle Application Testing Suite 10.1
Oracle Application Testing Suite 12.5.0.3
Oracle Application Testing Suite 13.1.0.1
Oracle Application Testing Suite 13.2.0.1
Oracle Application Testing Suite 13.3.0.1
Oracle Big Data Discovery 1.6.0
5.5
CVSSv3
CVE-2021-36374
When reading a specially crafted ZIP archive, or a derived format, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats ...
Apache Ant
Oracle Agile Engineering Data Management 6.2.1.0
Oracle Agile Plm 9.3.6
Oracle Banking Trade Finance 14.5
Oracle Banking Treasury Management 14.5
Oracle Communications Cloud Native Core Automated Test Suite 1.9.0
Oracle Communications Cloud Native Core Binding Support Function 1.11.0
Oracle Communications Diameter Intelligence Hub
Oracle Communications Order And Service Management 7.3
Oracle Communications Order And Service Management 7.4
Oracle Communications Unified Inventory Management 7.3.0
Oracle Communications Unified Inventory Management 7.4.0
5.5
CVSSv3
CVE-2021-36373
When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant before 1.9.16 and 1.10.11 were aff...
Apache Ant
Oracle Agile Plm 9.3.6
Oracle Banking Trade Finance 14.5
Oracle Banking Treasury Management 14.5
Oracle Communications Cloud Native Core Automated Test Suite 1.9.0
Oracle Communications Cloud Native Core Binding Support Function 1.11.0
Oracle Communications Order And Service Management 7.3
Oracle Communications Order And Service Management 7.4
Oracle Communications Unified Inventory Management 7.3.0
Oracle Communications Unified Inventory Management 7.4.0
Oracle Communications Unified Inventory Management 7.4.1
Oracle Communications Unified Inventory Management 7.4.2
4.3
CVSSv2
CVE-2015-0466
Unspecified vulnerability in the Oracle Retail Back Office component in Oracle Retail Applications 12.0, 12.0IN, 13.0, 13.1, 13.2, 13.3, 13.4, 14.0, and 14.1 allows remote malicious users to affect integrity via unknown vectors.
Oracle Retail Applications 12.0
Oracle Retail Applications 12.0in
Oracle Retail Applications 13.0
Oracle Retail Applications 13.1
Oracle Retail Applications 13.2
Oracle Retail Applications 13.3
Oracle Retail Applications 13.4
Oracle Retail Applications 14.0
Oracle Retail Applications 14.1
6.3
CVSSv3
CVE-2020-1945
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory bac...
Apache Ant
Canonical Ubuntu Linux 19.10
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Opensuse Leap 15.2
Oracle Agile Engineering Data Management 6.2.1.0
Oracle Banking Enterprise Collections
Oracle Banking Liquidity Management
Oracle Banking Platform
Oracle Business Process Management Suite 12.2.1.3.0
Oracle Business Process Management Suite 12.2.1.4.0
Oracle Category Management Planning & Optimization 15.0.3
8.1
CVSSv3
CVE-2017-12617
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a...
Apache Tomcat
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 17.10
Canonical Ubuntu Linux 18.04
Oracle Agile Plm 9.3.3
Oracle Agile Plm 9.3.4
Oracle Agile Plm 9.3.5
Oracle Agile Plm 9.3.6
Oracle Communications Instant Messaging Server 10.0.1
Oracle Endeca Information Discovery Integrator 3.1.0
Oracle Endeca Information Discovery Integrator 3.2.0
2 EDB exploits
19 Github repositories