Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2017-10-14	CVE-2017-12629	XXE vulnerability in multiple products Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. network low complexity apache redhat debian canonical CWE-611 critical	9.8
2017-10-05	CVE-2017-1000116	OS Command Injection vulnerability in multiple products Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks. network low complexity mercurial debian redhat CWE-78 critical	10.0
2017-10-04	CVE-2017-14491	Out-of-bounds Write vulnerability in multiple products Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. network low complexity thekelleys redhat canonical debian opensuse suse nvidia huawei arista siemens arubanetworks synology CWE-787 critical	9.8
2017-10-03	CVE-2017-14493	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request. network low complexity redhat debian canonical opensuse thekelleys CWE-119 critical	9.8
2017-10-03	CVE-2017-14492	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request. network low complexity redhat debian canonical thekelleys CWE-119 critical	9.8
2017-08-10	CVE-2016-5018	In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. network low complexity apache netapp canonical debian redhat oracle critical	9.1
2017-08-08	CVE-2017-10111	Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). network low complexity oracle debian redhat netapp critical	9.6
2017-08-08	CVE-2017-10107	Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). network low complexity oracle debian redhat netapp critical	9.6
2017-08-08	CVE-2017-10102	Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). network high complexity oracle debian phoenixcontact netapp redhat critical	9.0
2017-08-08	CVE-2017-10101	Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). network low complexity oracle debian redhat netapp critical	9.6