Vulnerabilities > Redhat > Enterprise Linux Server TUS > High

DATE CVE VULNERABILITY TITLE RISK
2017-08-11 CVE-2016-6796 A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.
network
low complexity
apache debian netapp canonical oracle redhat
7.5
2017-08-10 CVE-2016-6797 Incorrect Authorization vulnerability in multiple products
The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application.
network
low complexity
apache oracle debian netapp canonical redhat CWE-863
7.5
2017-08-08 CVE-2017-10116 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security).
network
high complexity
oracle phoenixcontact debian redhat netapp
8.3
2017-08-08 CVE-2017-10115 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE).
network
low complexity
oracle debian phoenixcontact redhat netapp
7.5
2017-08-08 CVE-2017-10078 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting).
network
low complexity
oracle debian redhat phoenixcontact netapp
8.1
2017-08-08 CVE-2017-10074 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot).
network
high complexity
oracle debian redhat netapp
8.3
2017-08-08 CVE-2017-10067 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security).
network
high complexity
oracle debian redhat netapp
7.5
2017-08-07 CVE-2015-7704 Improper Input Validation vulnerability in multiple products
The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.
network
low complexity
ntp debian netapp redhat mcafee citrix CWE-20
7.5
2017-08-07 CVE-2015-7701 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption).
network
low complexity
ntp oracle debian netapp redhat CWE-772
7.5
2017-08-07 CVE-2015-7692 Improper Input Validation vulnerability in multiple products
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash).
network
low complexity
ntp oracle debian netapp redhat CWE-20
7.5