High

DATE	CVE	VULNERABILITY TITLE	RISK
2017-07-21	CVE-2015-5219	Incorrect Type Conversion or Cast vulnerability in multiple products The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet. network low complexity fedoraproject suse redhat debian canonical ntp novell opensuse siemens oracle CWE-704	7.5
2017-07-17	CVE-2017-1000029	Information Exposure vulnerability in Oracle Glassfish Server 3.0.1 Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Local File Inclusion vulnerability, that makes it possible to include arbitrary files on the server, this vulnerability can be exploited without any prior authentication. network low complexity oracle CWE-200	7.5
2017-07-17	CVE-2017-1000028	Path Traversal vulnerability in Oracle Glassfish Server 4.1 Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request. network low complexity oracle CWE-22	7.5
2017-06-22	CVE-2017-3629	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Oracle Solaris 10/11 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). local low complexity oracle CWE-119	7.8
2017-06-20	CVE-2017-7668	Out-of-bounds Read vulnerability in multiple products The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. network low complexity apache netapp redhat debian oracle apple CWE-125	7.5
2017-06-19	CVE-2017-1000376	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. local high complexity redhat debian libffi-project oracle CWE-119	7.0
2017-06-16	CVE-2017-9735	Information Exposure Through Discrepancy vulnerability in multiple products Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords. network low complexity eclipse debian oracle CWE-203	7.5
2017-05-23	CVE-2016-9842	The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. network low complexity zlib opensuse debian canonical oracle redhat apple nodejs	8.8
2017-05-23	CVE-2016-9840	inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. network low complexity zlib opensuse debian canonical oracle redhat apple nodejs	8.8
2017-05-04	CVE-2017-3730	NULL Pointer Dereference vulnerability in multiple products In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. network low complexity openssl oracle CWE-476	7.5