19.0

DATE	CVE	VULNERABILITY TITLE	RISK
2020-03-02	CVE-2020-9547	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap). network low complexity fasterxml netapp debian oracle CWE-502 critical	9.8
2020-03-02	CVE-2020-9546	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config). network low complexity fasterxml netapp debian oracle CWE-502 critical	9.8
2020-01-03	CVE-2019-20330	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking. network low complexity fasterxml oracle debian netapp CWE-502 critical	9.8
2019-08-30	CVE-2019-12402	Infinite Loop vulnerability in multiple products The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. network low complexity apache fedoraproject oracle CWE-835	7.5
2019-07-26	CVE-2019-13990	XXE vulnerability in multiple products initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description. network low complexity softwareag oracle apache netapp atlassian CWE-611 critical	9.8
2019-04-22	CVE-2019-5427	XML Entity Expansion vulnerability in multiple products c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration. network low complexity mchange fedoraproject oracle CWE-776	7.5