Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2018-01-03	CVE-2017-18017	Use After Free vulnerability in multiple products The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action. network low complexity linux debian arista f5 suse opensuse openstack canonical redhat CWE-416 critical	9.8
2017-12-11	CVE-2017-17499	Use After Free vulnerability in multiple products ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp. network low complexity imagemagick canonical debian CWE-416 critical	9.8
2017-12-08	CVE-2017-17480	Out-of-bounds Write vulnerability in multiple products In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. network low complexity uclouvain debian canonical CWE-787 critical	9.8
2017-11-27	CVE-2017-14746	Use After Free vulnerability in multiple products Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request. network low complexity samba redhat debian canonical CWE-416 critical	9.8
2017-11-17	CVE-2017-16845	Improper Input Validation vulnerability in multiple products hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access. network low complexity qemu debian canonical CWE-20 critical	10.0
2017-11-06	CVE-2017-16548	Out-of-bounds Read vulnerability in multiple products The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon. network low complexity samba debian canonical CWE-125 critical	9.8
2017-10-14	CVE-2017-12629	XXE vulnerability in multiple products Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. network low complexity apache redhat debian canonical CWE-611 critical	9.8
2017-10-11	CVE-2017-0903	Deserialization of Untrusted Data vulnerability in multiple products RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. network low complexity rubygems debian canonical redhat CWE-502 critical	9.8
2017-10-05	CVE-2017-15032	Missing Release of Resource after Effective Lifetime vulnerability in multiple products ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. network low complexity imagemagick canonical CWE-772 critical	9.8
2017-10-04	CVE-2017-14491	Out-of-bounds Write vulnerability in multiple products Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. network low complexity thekelleys redhat canonical debian opensuse suse nvidia huawei arista siemens arubanetworks synology CWE-787 critical	9.8