Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2017-10-27	CVE-2017-5053	Out-of-bounds Read vulnerability in multiple products An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to Array.prototype.indexOf. network low complexity google redhat CWE-125 critical	9.6
2017-10-19	CVE-2017-10285	Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). network low complexity oracle debian redhat netapp critical	9.6
2017-10-05	CVE-2017-1000116	OS Command Injection vulnerability in multiple products Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks. network low complexity mercurial debian redhat CWE-78 critical	10.0
2017-10-04	CVE-2017-14491	Out-of-bounds Write vulnerability in multiple products Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. network low complexity thekelleys redhat canonical debian opensuse suse nvidia huawei arista siemens arubanetworks synology CWE-787 critical	9.8
2017-10-03	CVE-2017-14492	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request. network low complexity redhat debian canonical thekelleys CWE-119 critical	9.8
2017-10-03	CVE-2017-14493	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request. network low complexity redhat debian canonical opensuse thekelleys CWE-119 critical	9.8
2017-08-10	CVE-2016-5018	In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. network low complexity apache netapp canonical debian redhat oracle critical	9.1
2017-08-08	CVE-2017-10087	Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). network low complexity oracle debian redhat netapp critical	9.6
2017-08-08	CVE-2017-10090	Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). network low complexity oracle debian netapp redhat critical	9.6
2017-08-08	CVE-2017-10096	Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). network low complexity oracle debian redhat netapp critical	9.6