Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2017-10-27	CVE-2017-5066	Improper Verification of Cryptographic Signature vulnerability in multiple products Insufficient consistency checks in signature handling in the networking stack in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to incorrectly accept a badly formed X.509 certificate via a crafted HTML page. network low complexity google redhat CWE-347	6.5
2017-10-27	CVE-2017-5065	Improper Input Validation vulnerability in multiple products Lack of an appropriate action on page navigation in Blink in Google Chrome prior to 58.0.3029.81 for Windows and Mac allowed a remote attacker to potentially confuse a user into making an incorrect security decision via a crafted HTML page. network low complexity google redhat CWE-20	4.7
2017-10-27	CVE-2017-5061	Race Condition vulnerability in multiple products A race condition in navigation in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. network high complexity google redhat CWE-362	5.3
2017-10-27	CVE-2017-5060	Incorrect Authorization vulnerability in multiple products Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. network low complexity google redhat CWE-863	6.5
2017-10-26	CVE-2017-15906	Incorrect Permission Assignment for Critical Resource vulnerability in multiple products The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. network low complexity openbsd oracle debian netapp redhat CWE-732	5.3
2017-10-19	CVE-2017-10384	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). network low complexity oracle mariadb debian netapp redhat	4.0
2017-10-19	CVE-2017-10379	Incorrect Authorization vulnerability in multiple products Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). network low complexity oracle mariadb debian redhat netapp CWE-863	4.0
2017-10-19	CVE-2017-10378	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). network low complexity oracle mariadb debian redhat netapp	4.0
2017-10-19	CVE-2017-10357	Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). network low complexity oracle redhat netapp debian	5.3
2017-10-19	CVE-2017-10356	Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). local low complexity oracle redhat netapp debian	6.2