Oracle: >> Retail Xstore Point Of Service >> 17.0 Security Vulnerabilities
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
CVSS Score
8.8
EPSS Score
0.002
Published
2018-05-11
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.
CVSS Score
5.9
EPSS Score
0.033
Published
2018-04-26
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
CVSS Score
7.5
EPSS Score
0.006
Published
2017-06-16
Page 4