14.1

DATE	CVE	VULNERABILITY TITLE	RISK
2019-11-08	CVE-2019-10219	Cross-site Scripting vulnerability in multiple products A vulnerability was found in Hibernate-Validator. network low complexity redhat netapp oracle CWE-79	6.1
2019-08-20	CVE-2019-10086	Deserialization of Untrusted Data vulnerability in multiple products In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. network low complexity apache debian opensuse fedoraproject redhat oracle CWE-502	7.3
2019-07-26	CVE-2019-13990	XXE vulnerability in multiple products initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description. network low complexity softwareag oracle apache netapp atlassian CWE-611 critical	9.8
2019-04-20	CVE-2019-11358	jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. network low complexity jquery debian drupal backdropcms fedoraproject opensuse netapp redhat oracle joomla juniper	6.1
2018-05-24	CVE-2018-8013	Deserialization of Untrusted Data vulnerability in multiple products In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. network low complexity apache debian canonical oracle CWE-502 critical	9.8
2018-05-11	CVE-2018-1258	Incorrect Authorization vulnerability in multiple products Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. network low complexity pivotal-software vmware oracle netapp redhat CWE-863	6.5
2018-04-06	CVE-2018-1272	Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. network vmware oracle	6.0
2018-04-06	CVE-2018-1271	Path Traversal vulnerability in multiple products Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. network vmware oracle CWE-22	4.3
2018-04-06	CVE-2018-1270	Code Injection vulnerability in multiple products Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. network low complexity vmware oracle redhat debian CWE-94 critical	9.8
2017-10-19	CVE-2017-10423	Unspecified vulnerability in Oracle Retail Back Office Vulnerability in the Oracle Retail Back Office component of Oracle Retail Applications (subcomponent: Security). network oracle	4.9