High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-01-18	CVE-2018-2639	Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). network high complexity oracle redhat	8.3
2018-01-18	CVE-2018-2638	Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). network high complexity oracle redhat netapp	8.3
2018-01-18	CVE-2018-2562	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). network low complexity oracle mariadb debian canonical netapp redhat	7.1
2017-10-24	CVE-2017-12613	Out-of-bounds Read vulnerability in multiple products When apr_time_exp() or apr_os_exp_time() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input. local low complexity apache debian redhat CWE-125	7.1
2017-10-19	CVE-2017-10388	Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). network high complexity oracle redhat netapp debian	7.5
2017-10-19	CVE-2017-10309	Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). network low complexity oracle redhat netapp	7.1
2017-10-04	CVE-2017-12617	Unrestricted Upload of File with Dangerous Type vulnerability in multiple products When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. network high complexity apache canonical oracle debian netapp redhat CWE-434	8.1
2017-09-19	CVE-2017-12615	Unrestricted Upload of File with Dangerous Type vulnerability in multiple products When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. network high complexity apache netapp redhat CWE-434	8.1
2017-08-11	CVE-2016-6796	A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. network low complexity apache debian netapp canonical oracle redhat	7.5
2017-08-10	CVE-2016-6797	Incorrect Authorization vulnerability in multiple products The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. network low complexity apache oracle debian netapp canonical redhat CWE-863	7.5