5.9.1

DATE	CVE	VULNERABILITY TITLE	RISK
2021-03-26	CVE-2021-23888	Open Redirect vulnerability in Mcafee Epolicy Orchestrator Unvalidated client-side URL redirect vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 could cause an authenticated ePO user to load an untrusted site in an ePO iframe which could steal information from the authenticated user. network low complexity mcafee CWE-601	6.3
2021-02-16	CVE-2021-23840	Integer Overflow or Wraparound vulnerability in multiple products Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. network low complexity openssl debian tenable oracle mcafee fujitsu nodejs CWE-190	7.5
2020-10-21	CVE-2020-14792	Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). network oracle debian netapp mcafee opensuse	5.8
2020-10-21	CVE-2020-14782	Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). network oracle debian netapp mcafee opensuse	4.3
2020-07-15	CVE-2020-14621	Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). network low complexity oracle fedoraproject mcafee opensuse canonical debian netapp	5.3
2020-07-15	CVE-2020-14581	Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). network high complexity oracle fedoraproject mcafee opensuse debian canonical netapp	3.7
2020-07-15	CVE-2020-14579	Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). network high complexity oracle fedoraproject debian canonical mcafee opensuse netapp	3.7
2020-07-15	CVE-2020-14578	Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). network high complexity oracle fedoraproject opensuse debian canonical mcafee netapp	3.7
2020-07-14	CVE-2020-13935	Infinite Loop vulnerability in multiple products The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. network low complexity apache debian netapp opensuse canonical mcafee oracle CWE-835	7.5
2020-05-20	CVE-2020-9484	Deserialization of Untrusted Data vulnerability in multiple products When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. local high complexity apache debian opensuse fedoraproject canonical oracle mcafee CWE-502	7.0