Communications Services Gatekeeper

DATE	CVE	VULNERABILITY TITLE	RISK
2020-01-24	CVE-2020-7226	Allocation of Resources Without Limits or Throttling vulnerability in multiple products CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data. network low complexity vt oracle CWE-770	7.5
2019-11-08	CVE-2019-10219	Cross-site Scripting vulnerability in multiple products A vulnerability was found in Hibernate-Validator. network low complexity redhat netapp oracle CWE-79	6.1
2019-10-16	CVE-2019-2904	Unspecified vulnerability in Oracle products Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). network low complexity oracle critical	9.8
2019-04-22	CVE-2019-10247	Information Exposure vulnerability in multiple products In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. network low complexity eclipse netapp oracle debian CWE-200	5.3
2019-04-22	CVE-2019-10246	Information Exposure vulnerability in multiple products In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents. network low complexity eclipse netapp oracle CWE-200	5.3
2019-04-20	CVE-2019-11358	jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. network low complexity jquery debian drupal backdropcms fedoraproject opensuse netapp redhat oracle joomla juniper	6.1
2018-06-25	CVE-2018-11040	Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. network low complexity vmware oracle debian CWE-829	7.5
2018-06-25	CVE-2018-11039	Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. network high complexity vmware oracle debian	5.9
2018-05-11	CVE-2018-1258	Incorrect Authorization vulnerability in multiple products Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. network low complexity pivotal-software vmware oracle netapp redhat CWE-863	8.8
2018-05-11	CVE-2018-1257	Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. network low complexity vmware redhat oracle	6.5