High

DATE	CVE	VULNERABILITY TITLE	RISK
2017-12-11	CVE-2017-17502	Out-of-bounds Read vulnerability in multiple products ReadCMYKImage in coders/cmyk.c in GraphicsMagick 1.3.26 has a magick/import.c ImportCMYKQuantumType heap-based buffer over-read via a crafted file. network low complexity graphicsmagick debian CWE-125	8.8
2017-12-11	CVE-2017-17501	Out-of-bounds Read vulnerability in multiple products WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-based buffer over-read via a crafted file. network low complexity graphicsmagick debian CWE-125	8.8
2017-12-11	CVE-2017-17500	Out-of-bounds Read vulnerability in multiple products ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/import.c ImportRGBQuantumType heap-based buffer over-read via a crafted file. network low complexity graphicsmagick debian CWE-125	8.8
2017-12-11	CVE-2017-17499	Use After Free vulnerability in multiple products ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp. network low complexity imagemagick canonical debian CWE-416	7.5
2017-12-08	CVE-2017-17480	Out-of-bounds Write vulnerability in multiple products In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. network low complexity uclouvain debian canonical CWE-787	7.5
2017-12-06	CVE-2017-17432	Reachable Assertion vulnerability in multiple products OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value. network low complexity openafs debian CWE-617	7.8
2017-12-05	CVE-2017-15868	Improper Input Validation vulnerability in multiple products The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel before 3.19 does not ensure that an l2cap socket is available, which allows local users to gain privileges via a crafted application. local low complexity linux canonical debian CWE-20	7.8
2017-12-05	CVE-2016-1255	Link Following vulnerability in Debian Postgresql-Common The pg_ctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04 before 179ubuntu0.1, and in Ubuntu 17.10 before 184ubuntu1.1 allows local users to gain root privileges via a symlink attack on a logfile in /var/log/postgresql. local low complexity debian canonical CWE-59	7.2
2017-12-05	CVE-2016-1254	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor. network low complexity torproject opensuse-project debian fedoraproject opensuse CWE-119	7.5
2017-12-01	CVE-2017-17085	Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. network low complexity wireshark debian CWE-754	7.5