High

DATE	CVE	VULNERABILITY TITLE	RISK
2017-11-27	CVE-2017-14746	Use After Free vulnerability in multiple products Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request. network low complexity samba redhat debian canonical CWE-416	7.5
2017-11-20	CVE-2017-16544	Code Injection vulnerability in multiple products In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. network low complexity busybox debian vmware redlion canonical CWE-94	8.8
2017-11-15	CVE-2017-15115	Use After Free vulnerability in multiple products The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls. local low complexity linux debian suse canonical CWE-416	7.8
2017-11-06	CVE-2015-7529	Link Following vulnerability in multiple products sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date. local low complexity sos-project canonical redhat CWE-59	7.8
2017-11-04	CVE-2017-16526	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products drivers/uwb/uwbd.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device. local low complexity linux canonical debian CWE-119	7.8
2017-10-11	CVE-2017-0903	Deserialization of Untrusted Data vulnerability in multiple products RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. network low complexity rubygems debian canonical redhat CWE-502	7.5
2017-10-05	CVE-2017-15032	Missing Release of Resource after Effective Lifetime vulnerability in multiple products ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. network low complexity imagemagick canonical CWE-772	7.5
2017-10-04	CVE-2017-12617	Unrestricted Upload of File with Dangerous Type vulnerability in multiple products When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. network high complexity apache canonical oracle debian netapp redhat CWE-434	8.1
2017-10-03	CVE-2017-14496	Integer Underflow (Wrap or Wraparound) vulnerability in multiple products Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request. network low complexity redhat google debian novell canonical thekelleys CWE-191	7.5
2017-10-03	CVE-2017-14495	Missing Release of Resource after Effective Lifetime vulnerability in multiple products Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation. network low complexity redhat debian canonical thekelleys CWE-772	7.5