High

DATE	CVE	VULNERABILITY TITLE	RISK
2017-12-11	CVE-2017-17503	Out-of-bounds Read vulnerability in multiple products ReadGRAYImage in coders/gray.c in GraphicsMagick 1.3.26 has a magick/import.c ImportGrayQuantumType heap-based buffer over-read via a crafted file. network low complexity graphicsmagick debian CWE-125	8.8
2017-12-11	CVE-2017-17502	Out-of-bounds Read vulnerability in multiple products ReadCMYKImage in coders/cmyk.c in GraphicsMagick 1.3.26 has a magick/import.c ImportCMYKQuantumType heap-based buffer over-read via a crafted file. network low complexity graphicsmagick debian CWE-125	8.8
2017-12-11	CVE-2017-17501	Out-of-bounds Read vulnerability in multiple products WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-based buffer over-read via a crafted file. network low complexity graphicsmagick debian CWE-125	8.8
2017-12-11	CVE-2017-17500	Out-of-bounds Read vulnerability in multiple products ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/import.c ImportRGBQuantumType heap-based buffer over-read via a crafted file. network low complexity graphicsmagick debian CWE-125	8.8
2017-12-08	CVE-2017-16921	OS Command Injection vulnerability in multiple products In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell commands with the permissions of the OTRS or web server user. network low complexity otrs debian CWE-78	8.8
2017-12-07	CVE-2017-1000410	Information Exposure vulnerability in multiple products The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. network low complexity linux debian redhat CWE-200	7.5
2017-12-06	CVE-2017-17439	NULL Pointer Dereference vulnerability in multiple products In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. network low complexity debian heimdal-project CWE-476	7.5
2017-12-06	CVE-2017-17432	Reachable Assertion vulnerability in multiple products OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value. network low complexity openafs debian CWE-617	7.5
2017-12-05	CVE-2017-15868	Improper Input Validation vulnerability in multiple products The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel before 3.19 does not ensure that an l2cap socket is available, which allows local users to gain privileges via a crafted application. local low complexity linux canonical debian CWE-20	7.8
2017-12-05	CVE-2016-1255	Link Following vulnerability in Debian Postgresql-Common The pg_ctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04 before 179ubuntu0.1, and in Ubuntu 17.10 before 184ubuntu1.1 allows local users to gain root privileges via a symlink attack on a logfile in /var/log/postgresql. local low complexity debian CWE-59	7.8