12.0.0

DATE	CVE	VULNERABILITY TITLE	RISK
2020-05-14	CVE-2020-11973	Deserialization of Untrusted Data vulnerability in multiple products Apache Camel Netty enables Java deserialization by default. network low complexity apache oracle CWE-502 critical	9.8
2020-05-14	CVE-2020-11972	Deserialization of Untrusted Data vulnerability in multiple products Apache Camel RabbitMQ enables Java deserialization by default. network low complexity apache oracle CWE-502	7.5
2020-05-14	CVE-2020-11971	Apache Camel's JMX is vulnerable to Rebind Flaw. network low complexity apache oracle	7.5
2020-05-14	CVE-2020-1945	Exposure of Resource to Wrong Sphere vulnerability in multiple products Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. local high complexity apache canonical fedoraproject opensuse oracle CWE-668	6.3
2020-04-27	CVE-2020-9488	Improper Certificate Validation vulnerability in multiple products Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. network high complexity apache oracle debian qos CWE-295	3.7
2020-04-27	CVE-2020-9489	Infinite Loop vulnerability in multiple products A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. local low complexity apache oracle CWE-835	5.5
2020-03-23	CVE-2020-1951	Infinite Loop vulnerability in multiple products A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23. local low complexity apache oracle debian canonical CWE-835	5.5
2020-03-23	CVE-2020-1950	Resource Exhaustion vulnerability in multiple products A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23. local low complexity apache oracle debian canonical CWE-400	5.5
2020-01-17	CVE-2020-5397	Cross-Site Request Forgery (CSRF) vulnerability in multiple products Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. network high complexity vmware oracle CWE-352	2.6
2020-01-17	CVE-2020-5398	Download of Code Without Integrity Check vulnerability in multiple products In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input. network high complexity vmware oracle netapp CWE-494	7.5