High

DATE	CVE	VULNERABILITY TITLE	RISK
2017-10-17	CVE-2017-15565	NULL Pointer Dereference vulnerability in multiple products In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document. network low complexity freedesktop debian CWE-476	8.8
2017-10-17	CVE-2017-13082	Use of Insufficiently Random Values vulnerability in multiple products Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. low complexity debian freebsd canonical opensuse redhat w1-fi suse CWE-330	8.1
2017-10-16	CVE-2015-7504	Out-of-bounds Write vulnerability in multiple products Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode. local low complexity qemu xen debian CWE-787	8.8
2017-10-11	CVE-2017-2888	Integer Overflow or Wraparound vulnerability in multiple products An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. network low complexity libsdl canonical debian CWE-190	8.8
2017-10-11	CVE-2017-2887	Out-of-bounds Write vulnerability in multiple products An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. network low complexity libsdl debian CWE-787	8.8
2017-10-11	CVE-2017-15238	Use After Free vulnerability in multiple products ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26 has a use-after-free issue when the height or width is zero, related to ReadJNGImage. network low complexity graphicsmagick debian CWE-416	8.8
2017-10-10	CVE-2017-15191	Use of Externally-Controlled Format String vulnerability in multiple products In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. network low complexity wireshark debian CWE-134	7.5
2017-10-10	CVE-2017-5637	Missing Authentication for Critical Function vulnerability in multiple products Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. network low complexity apache debian CWE-306	7.5
2017-10-10	CVE-2017-13723	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkbcomp. local low complexity x-org debian CWE-119	7.8
2017-10-05	CVE-2017-1000115	Link Following vulnerability in multiple products Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository network low complexity mercurial debian redhat CWE-59	7.5