added a few recent reports from red hat

database/java/2017/7525.yaml

@@ -0,0 +1,18 @@
+cve: 2017-7525
+title: "jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper"
+description: >
+    A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
+references:
+    - https://bugzilla.redhat.com/show_bug.cgi?id=1462702
+    - https://github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true
+    - https://github.com/FasterXML/jackson-databind/issues/1737
+affected:
+    - groupId: "org.fasterxml.jackson.core"
+      artifactId: "jackson-databind"
+      version:
+        - "<=2.8.9,2.8"
+        - "<=2.9.0,2.9"
+        - "<=2.7,2"
+      fixedin:
+        - ">=2.8.10,2.8"
+        - ">=2.9.1,2.9"

database/java/2017/7674.yaml

@@ -0,0 +1,19 @@
+cve: 2017-7674
+title: "Tomcat: Vary header added by CORS filter leading to cache poisoning"
+description: >
+    The CORS Filter did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances.
+references:
+    - https://bugzilla.redhat.com/show_bug.cgi?id=1480618
+    - https://tomcat.apache.org/security-7.html
+    - https://tomcat.apache.org/security-8.html
+affected:
+    - groupId: "org.apache.tomcat"
+      artifactId: "tomcat-catalina"
+      version:
+        - "<=8.5.15,8.5"
+        - "<=8.0.44,8.0"
+        - "<=7.0.78,7"
+      fixedin:
+        - ">=8.5.16,8.5"
+        - ">=8.0.45,8.0"
+        - ">=7.0.79,7"