High

DATE	CVE	VULNERABILITY TITLE	RISK
2017-12-20	CVE-2017-17806	Out-of-bounds Write vulnerability in multiple products The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization. local low complexity linux suse debian opensuse-project opensuse canonical CWE-787	7.8
2017-12-20	CVE-2017-17805	Improper Input Validation vulnerability in multiple products The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. local low complexity linux suse debian opensuse-project opensuse canonical CWE-20	7.8
2017-12-05	CVE-2016-1254	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor. network low complexity torproject opensuse-project debian fedoraproject opensuse CWE-119	7.5
2017-09-28	CVE-2015-3138	Improper Input Validation vulnerability in multiple products print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash). network low complexity tcpdump opensuse-project opensuse CWE-20	7.5
2017-08-09	CVE-2015-3405	Insufficient Entropy vulnerability in multiple products ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys. network low complexity ntp debian suse opensuse-project opensuse fedoraproject redhat CWE-331	7.5
2017-04-12	CVE-2016-9959	Out-of-bounds Write vulnerability in multiple products game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values. local low complexity opensuse-project suse opensuse game-music-emu-project CWE-787	7.8
2017-04-12	CVE-2016-9958	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations. local low complexity opensuse-project suse opensuse game-music-emu-project CWE-119	7.8
2017-04-12	CVE-2016-9957	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Stack-based buffer overflow in game-music-emu before 0.6.1. local low complexity opensuse-project suse opensuse game-music-emu-project CWE-119	7.8
2017-03-24	CVE-2016-7797	7PK - Security Features vulnerability in multiple products Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection. network low complexity clusterlabs suse opensuse-project opensuse redhat CWE-254	7.5
2017-03-23	CVE-2016-10048	Path Traversal vulnerability in multiple products Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors. network low complexity imagemagick opensuse-project CWE-22	7.5