Hospitality Opera 5

DATE	CVE	VULNERABILITY TITLE	RISK
2021-07-21	CVE-2021-2351	Session Fixation vulnerability in Oracle products Vulnerability in the Advanced Networking Option component of Oracle Database Server. network high complexity oracle CWE-384	8.3
2020-12-11	CVE-2020-17530	Expression Language Injection vulnerability in multiple products Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. network low complexity apache oracle CWE-917	7.5
2020-12-07	CVE-2020-17521	Apache Groovy provides extension methods to aid with creating temporary directories. local low complexity apache netapp oracle	5.5
2020-11-12	CVE-2019-17566	Server-Side Request Forgery (SSRF) vulnerability in multiple products Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. network low complexity apache oracle CWE-918	7.5
2020-05-11	CVE-2018-1285	XXE vulnerability in multiple products Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. network low complexity apache fedoraproject oracle netapp CWE-611 critical	9.8
2019-08-20	CVE-2019-10086	Deserialization of Untrusted Data vulnerability in multiple products In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. network low complexity apache debian opensuse fedoraproject redhat oracle CWE-502	7.3