High

DATE	CVE	VULNERABILITY TITLE	RISK
2017-10-19	CVE-2017-10309	Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). network low complexity oracle redhat netapp	7.1
2017-10-17	CVE-2017-13082	Use of Insufficiently Random Values vulnerability in multiple products Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. low complexity debian freebsd canonical opensuse redhat w1-fi suse CWE-330	8.1
2017-10-16	CVE-2014-7851	Permissions, Privileges, and Access Controls vulnerability in multiple products oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that user's privileges by replacing their session token with that of another user. network high complexity ovirt redhat CWE-264	7.5
2017-10-05	CVE-2017-1000253	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). local low complexity redhat centos linux CWE-119	7.8
2017-10-05	CVE-2017-1000115	Link Following vulnerability in multiple products Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository network low complexity mercurial debian redhat CWE-59	7.5
2017-10-05	CVE-2017-1000111	Out-of-bounds Write vulnerability in multiple products Linux kernel: heap out-of-bounds in AF_PACKET sockets. local low complexity linux redhat debian CWE-787	7.8
2017-10-04	CVE-2017-12617	Unrestricted Upload of File with Dangerous Type vulnerability in multiple products When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. network high complexity apache canonical oracle debian netapp redhat CWE-434	8.1
2017-10-03	CVE-2017-14496	Integer Underflow (Wrap or Wraparound) vulnerability in multiple products Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request. network low complexity redhat google debian novell canonical thekelleys CWE-191	7.5
2017-10-03	CVE-2017-14495	Missing Release of Resource after Effective Lifetime vulnerability in multiple products Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation. network low complexity redhat debian canonical thekelleys CWE-772	7.5
2017-10-03	CVE-2017-13704	Improper Input Validation vulnerability in multiple products In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. network low complexity redhat debian novell canonical fedoraproject thekelleys CWE-20	7.5