16.04

DATE	CVE	VULNERABILITY TITLE	RISK
2017-08-31	CVE-2017-14064	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. network low complexity ruby-lang debian canonical redhat CWE-119 critical	9.8
2017-08-31	CVE-2017-14060	NULL Pointer Dereference vulnerability in multiple products In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file) by submitting a malformed image file. network low complexity imagemagick canonical CWE-476	6.5
2017-08-30	CVE-2017-13769	Out-of-bounds Read vulnerability in multiple products The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick through 7.0.6-10 allows an attacker to cause a denial of service (buffer over-read) by sending a crafted JPEG file. network low complexity imagemagick canonical debian CWE-125	6.5
2017-08-30	CVE-2017-13768	NULL Pointer Dereference vulnerability in multiple products Null Pointer Dereference in the IdentifyImage function in MagickCore/identify.c in ImageMagick through 7.0.6-10 allows an attacker to perform denial of service by sending a crafted image file. network low complexity imagemagick debian canonical CWE-476	6.5
2017-08-28	CVE-2017-12877	Use After Free vulnerability in multiple products Use-after-free vulnerability in the DestroyImage function in image.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file. network low complexity imagemagick debian canonical CWE-416	6.5
2017-08-24	CVE-2017-12836	CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar." network high complexity gnu canonical debian	7.5
2017-08-23	CVE-2017-13145	Improper Input Validation vulnerability in multiple products In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image function in coders/jp2.c does not properly validate the channel geometry, leading to a crash. network low complexity imagemagick debian canonical CWE-20	6.5
2017-08-23	CVE-2017-13139	Out-of-bounds Read vulnerability in multiple products In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk. network low complexity imagemagick debian canonical CWE-125 critical	9.8
2017-08-11	CVE-2016-6796	A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. network low complexity apache debian netapp canonical oracle redhat	7.5
2017-08-10	CVE-2016-6797	Incorrect Authorization vulnerability in multiple products The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. network low complexity apache oracle debian netapp canonical redhat CWE-863	7.5