Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-08-10 CVE-2016-8745 7PK - Errors vulnerability in Apache Tomcat
A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache multiple times.
network
low complexity
apache CWE-388
7.5
2017-08-10 CVE-2016-6817 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apache Tomcat
The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer.
network
low complexity
apache CWE-119
7.5
2017-08-10 CVE-2016-6797 Incorrect Authorization vulnerability in multiple products
The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application.
network
low complexity
apache oracle debian netapp canonical redhat CWE-863
7.5
2017-08-10 CVE-2017-3130 Information Exposure vulnerability in Fortinet Fortios
An information disclosure vulnerability in Fortinet FortiOS 5.6.0, 5.4.4 and below versions allows attacker to get FortiOS version info by inspecting FortiOS IKE VendorID packets.
network
low complexity
fortinet CWE-200
7.5
2017-08-10 CVE-2017-8518 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge
Microsoft Edge allows a remote code execution vulnerability due to the way it accesses objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".
network
high complexity
microsoft CWE-119
7.5
2017-08-10 CVE-2017-3156 Unspecified vulnerability in Apache CXF
The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 is not using a constant time MAC signature comparison algorithm which may be exploited by sophisticated timing attacks.
network
low complexity
apache
7.5
2017-08-10 CVE-2017-12799 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.29
The elf_read_notesfunction in bfd/elf.c in GNU Binutils 2.29 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file.
local
low complexity
gnu CWE-119
7.8
2017-08-10 CVE-2016-8739 XXE vulnerability in Apache CXF
The JAX-RS module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 provides a number of Atom JAX-RS MessageBodyReaders.
network
low complexity
apache CWE-611
7.5
2017-08-10 CVE-2017-1192 XXE vulnerability in IBM Sterling B2B Integrator 5.2
IBM Sterling B2B Integrator 5.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
8.2
2017-08-10 CVE-2017-1174 SQL Injection vulnerability in IBM Sterling B2B Integrator 5.2
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
8.8