High

DATE	CVE	VULNERABILITY TITLE	RISK
2017-08-24	CVE-2017-12136	Race Condition vulnerability in multiple products Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling. local high complexity xen citrix debian CWE-362	7.8
2017-08-24	CVE-2017-12135	Incorrect Calculation vulnerability in multiple products Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants. local low complexity xen citrix debian CWE-682	8.8
2017-08-23	CVE-2017-12904	Improper Neutralization of Special Elements in Data Query Logic vulnerability in multiple products Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL. network low complexity newsbeuter debian CWE-943	8.8
2017-08-23	CVE-2017-11610	Incorrect Default Permissions vulnerability in multiple products The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups. network low complexity supervisord fedoraproject debian redhat CWE-276	8.8
2017-08-22	CVE-2017-5208	Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of service (application crash) or the possibility of execution of arbitrary code. network low complexity icoutils-project debian redhat CWE-190	8.8
2017-08-19	CVE-2017-10661	Use After Free vulnerability in multiple products Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing. local high complexity linux redhat debian CWE-416	7.0
2017-08-18	CVE-2017-12937	Out-of-bounds Read vulnerability in multiple products The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read. network low complexity graphicsmagick debian CWE-125	8.8
2017-08-18	CVE-2017-12936	Use After Free vulnerability in multiple products The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has a use-after-free issue for data associated with exception reporting. network low complexity graphicsmagick debian CWE-416	8.8
2017-08-18	CVE-2017-12935	Out-of-bounds Read vulnerability in multiple products The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mishandles large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c. network low complexity graphicsmagick debian CWE-125	8.8
2017-08-16	CVE-2017-7548	PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents of the object, resulting in a denial of service. network low complexity postgresql debian	7.5