High

DATE	CVE	VULNERABILITY TITLE	RISK
2017-12-20	CVE-2017-17806	Out-of-bounds Write vulnerability in multiple products The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization. local low complexity linux suse debian opensuse-project opensuse canonical CWE-787	7.8
2017-12-20	CVE-2017-17805	Improper Input Validation vulnerability in multiple products The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. local low complexity linux suse debian opensuse-project opensuse canonical CWE-20	7.8
2017-12-05	CVE-2016-1254	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor. network low complexity torproject opensuse-project debian fedoraproject opensuse CWE-119	7.5
2017-04-12	CVE-2016-9959	Out-of-bounds Write vulnerability in multiple products game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values. local low complexity opensuse-project suse opensuse game-music-emu-project CWE-787	7.8
2017-04-12	CVE-2016-9958	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations. local low complexity opensuse-project suse opensuse game-music-emu-project CWE-119	7.8
2017-04-12	CVE-2016-9957	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Stack-based buffer overflow in game-music-emu before 0.6.1. local low complexity opensuse-project suse opensuse game-music-emu-project CWE-119	7.8
2017-03-20	CVE-2014-9847	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact. network low complexity opensuse-project opensuse canonical imagemagick CWE-119	7.5
2017-03-20	CVE-2014-9846	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact. network low complexity suse opensuse opensuse-project canonical imagemagick CWE-119	7.5
2017-03-20	CVE-2014-9843	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors. network low complexity opensuse opensuse-project canonical imagemagick CWE-119	7.5
2017-03-20	CVE-2014-9841	7PK - Errors vulnerability in multiple products The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors, related to "throwing of exceptions." network low complexity opensuse opensuse-project canonical imagemagick CWE-388	7.5