16.1

DATE	CVE	VULNERABILITY TITLE	RISK
2020-12-14	CVE-2020-35460	Path Traversal vulnerability in multiple products common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations. network low complexity mpxj oracle CWE-22	5.3
2020-12-07	CVE-2020-17521	Apache Groovy provides extension methods to aid with creating temporary directories. local low complexity apache netapp oracle	5.5
2020-12-02	CVE-2020-13956	Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution. network low complexity apache quarkus oracle netapp	5.3
2020-10-01	CVE-2020-11979	As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. network low complexity apache gradle fedoraproject oracle	7.5
2020-08-29	CVE-2020-25020	XXE vulnerability in multiple products MPXJ through 8.1.3 allows XXE attacks. network low complexity mpxj oracle CWE-611 critical	9.8
2020-07-15	CVE-2020-14617	Unspecified vulnerability in Oracle Primavera Unifier Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Platform, Mobile App). network low complexity oracle	5.7
2020-05-14	CVE-2020-1945	Exposure of Resource to Wrong Sphere vulnerability in multiple products Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. local high complexity apache canonical fedoraproject opensuse oracle CWE-668	6.3
2020-04-27	CVE-2020-9489	Infinite Loop vulnerability in multiple products A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. local low complexity apache oracle CWE-835	5.5
2020-04-07	CVE-2020-11620	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly). network high complexity fasterxml debian netapp oracle CWE-502	8.1
2020-04-07	CVE-2020-11619	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop). network high complexity fasterxml debian netapp oracle CWE-502	8.1