16.2

DATE	CVE	VULNERABILITY TITLE	RISK
2018-04-11	CVE-2018-1275	Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. network low complexity vmware oracle critical	9.8
2018-04-06	CVE-2018-1272	Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. network high complexity vmware oracle	7.5
2018-04-06	CVE-2018-1271	Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. network high complexity vmware oracle	5.9
2018-04-06	CVE-2018-1270	Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. network low complexity vmware oracle redhat debian critical	9.8
2018-01-18	CVE-2015-9251	Cross-site Scripting vulnerability in multiple products jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. network low complexity jquery oracle CWE-79	6.1
2017-04-24	CVE-2017-3508	Unspecified vulnerability in Oracle Primavera Gateway Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration). network low complexity oracle critical	9.1
2017-04-24	CVE-2017-3500	Unspecified vulnerability in Oracle Primavera Gateway Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration). network low complexity oracle	8.7