15.2

DATE	CVE	VULNERABILITY TITLE	RISK
2020-01-15	CVE-2020-2707	Unspecified vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: WebAccess). network low complexity oracle	5.4
2019-10-16	CVE-2019-3020	Unspecified vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). network low complexity oracle critical	9.3
2019-10-02	CVE-2019-17091	Cross-site Scripting vulnerability in multiple products faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled. network low complexity eclipse oracle CWE-79	6.1
2019-01-16	CVE-2019-2512	Unspecified vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). network high complexity oracle	4.7
2019-01-02	CVE-2018-19362	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization. network low complexity fasterxml debian oracle redhat CWE-502 critical	9.8
2019-01-02	CVE-2018-19361	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization. network low complexity fasterxml debian oracle redhat CWE-502 critical	9.8
2019-01-02	CVE-2018-19360	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization. network low complexity fasterxml debian oracle redhat CWE-502 critical	9.8
2019-01-02	CVE-2018-14719	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization. network low complexity fasterxml debian oracle redhat netapp CWE-502 critical	9.8
2019-01-02	CVE-2018-14718	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization. network low complexity fasterxml debian oracle netapp redhat CWE-502 critical	9.8
2018-11-15	CVE-2018-5407	Information Exposure Through Discrepancy vulnerability in multiple products Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. local high complexity canonical debian nodejs openssl tenable oracle redhat CWE-203	4.7