High

DATE	CVE	VULNERABILITY TITLE	RISK
2017-06-28	CVE-2017-9985	Out-of-bounds Read vulnerability in multiple products The snd_msndmidi_input_read function in sound/isa/msnd/msnd_midi.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability. local low complexity linux canonical CWE-125	7.8
2017-06-27	CVE-2015-5180	NULL Pointer Dereference vulnerability in multiple products res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash). network low complexity canonical gnu CWE-476	7.5
2017-06-26	CVE-2017-9935	Out-of-bounds Read vulnerability in multiple products In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. network low complexity libtiff canonical debian CWE-125	8.8
2017-06-08	CVE-2017-9022	Improper Input Validation vulnerability in multiple products The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate. network low complexity strongswan debian canonical CWE-20	7.5
2017-06-01	CVE-2017-8386	git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character. network low complexity git opensuse debian canonical fedoraproject	8.8
2017-05-23	CVE-2016-9842	The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. network low complexity zlib opensuse debian canonical oracle redhat apple nodejs	8.8
2017-05-23	CVE-2016-9840	inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. network low complexity zlib opensuse debian canonical oracle redhat apple nodejs	8.8
2017-04-18	CVE-2017-7645	Improper Input Validation vulnerability in multiple products The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c. network low complexity linux debian canonical CWE-20	7.5
2017-04-17	CVE-2017-7889	Incorrect Permission Assignment for Critical Resource vulnerability in multiple products The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c. local low complexity linux debian canonical CWE-732	7.8
2017-04-14	CVE-2016-6489	Information Exposure Through Discrepancy vulnerability in multiple products The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack. network low complexity redhat canonical nettle-project CWE-203	7.5