4.3.0.2.0

DATE	CVE	VULNERABILITY TITLE	RISK
2021-12-18	CVE-2021-45105	Uncontrolled Recursion vulnerability in multiple products Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. network high complexity apache netapp debian sonicwall oracle CWE-674	5.9
2021-07-14	CVE-2021-36373	When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. local low complexity apache oracle	5.5
2021-07-14	CVE-2021-36374	When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. local low complexity apache oracle	5.5
2021-01-20	CVE-2020-14756	Unspecified vulnerability in Oracle Coherence and Utilities Framework Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core Components). network low complexity oracle critical	9.8
2020-05-14	CVE-2020-1945	Exposure of Resource to Wrong Sphere vulnerability in multiple products Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. local high complexity apache canonical fedoraproject opensuse oracle CWE-668	6.3
2020-05-01	CVE-2020-10683	XXE vulnerability in multiple products dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. network low complexity dom4j-project oracle opensuse netapp canonical CWE-611 critical	9.8
2020-04-27	CVE-2020-9488	Improper Certificate Validation vulnerability in multiple products Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. network high complexity apache oracle debian qos CWE-295	3.7
2020-01-15	CVE-2020-2555	Deserialization of Untrusted Data vulnerability in Oracle products Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). network low complexity oracle CWE-502 critical	9.8
2019-11-08	CVE-2019-10219	A vulnerability was found in Hibernate-Validator. network low complexity redhat netapp oracle	6.1
2019-08-20	CVE-2019-10086	Deserialization of Untrusted Data vulnerability in multiple products In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. network low complexity apache debian opensuse fedoraproject redhat oracle CWE-502	7.3