16.0.3

DATE	CVE	VULNERABILITY TITLE	RISK
2022-01-24	CVE-2022-23437	Infinite Loop vulnerability in multiple products There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. network low complexity apache oracle netapp CWE-835	6.5
2021-12-18	CVE-2021-45105	Uncontrolled Recursion vulnerability in multiple products Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. network high complexity apache netapp debian sonicwall oracle CWE-674	5.9
2021-09-19	CVE-2021-40690	All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. network low complexity apache debian oracle	7.5
2021-04-13	CVE-2021-29425	Path Traversal vulnerability in multiple products In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. network high complexity apache debian oracle netapp CWE-22	4.8
2021-01-06	CVE-2020-36189	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource. network high complexity fasterxml netapp debian oracle CWE-502	8.1
2020-12-03	CVE-2020-25649	XXE vulnerability in multiple products A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. network low complexity fasterxml netapp fedoraproject quarkus apache oracle CWE-611	7.5
2020-10-01	CVE-2020-11979	As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. network low complexity apache gradle fedoraproject oracle	7.5
2020-09-19	CVE-2020-5421	In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. network high complexity vmware oracle netapp	6.5
2019-11-08	CVE-2019-10219	A vulnerability was found in Hibernate-Validator. network low complexity redhat netapp oracle	6.1