High

DATE	CVE	VULNERABILITY TITLE	RISK
2017-10-19	CVE-2017-10060	Unspecified vulnerability in Oracle Business Intelligence Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Analytics Web General). network low complexity oracle	8.2
2017-10-19	CVE-2017-10050	Unspecified vulnerability in Oracle Hospitality Suite8 8.10.1/8.10.2 Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: WebConnect). network low complexity oracle	8.2
2017-10-19	CVE-2017-10037	Information Exposure vulnerability in Oracle Business Intelligence Publisher 11.1.1.7.0/11.1.1.9.0 Vulnerability in the Oracle BI Publisher component of Oracle Fusion Middleware (subcomponent: Web Service API). network low complexity oracle CWE-200	7.5
2017-10-19	CVE-2017-10034	Unspecified vulnerability in Oracle Business Intelligence Publisher 11.1.1.7.0/11.1.1.9.0 Vulnerability in the Oracle BI Publisher component of Oracle Fusion Middleware (subcomponent: Core Formatting API). network low complexity oracle	8.2
2017-10-19	CVE-2017-10026	Unspecified vulnerability in Oracle SOA Suite 11.1.1.7.0 Vulnerability in the Oracle SOA Suite component of Oracle Fusion Middleware (subcomponent: Fabric Layer). network low complexity oracle	8.2
2017-10-04	CVE-2017-12617	Unrestricted Upload of File with Dangerous Type vulnerability in multiple products When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. network high complexity apache canonical oracle debian netapp redhat CWE-434	8.1
2017-08-11	CVE-2016-6796	A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. network low complexity apache debian netapp canonical oracle redhat	7.5
2017-08-10	CVE-2016-6797	Incorrect Authorization vulnerability in multiple products The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. network low complexity apache oracle debian netapp canonical redhat CWE-863	7.5
2017-08-08	CVE-2017-10246	Unspecified vulnerability in Oracle Application Object Library Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: iHelp). network low complexity oracle	8.2
2017-08-08	CVE-2017-10245	Unspecified vulnerability in Oracle General Ledger Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Account Hierarchy Manager). network low complexity oracle	7.5