42.2

DATE	CVE	VULNERABILITY TITLE	RISK
2017-10-17	CVE-2017-13080	Use of Insufficiently Random Values vulnerability in multiple products Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients. canonical debian freebsd opensuse redhat w1-fi suse CWE-330	2.9
2017-10-17	CVE-2017-13079	Use of Insufficiently Random Values vulnerability in multiple products Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients. canonical debian freebsd opensuse redhat w1-fi suse CWE-330	2.9
2017-10-17	CVE-2017-13078	Use of Insufficiently Random Values vulnerability in multiple products Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients. canonical debian freebsd opensuse redhat w1-fi suse CWE-330	2.9
2017-10-17	CVE-2017-13077	Use of Insufficiently Random Values vulnerability in multiple products Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. canonical debian freebsd opensuse redhat w1-fi suse CWE-330	5.4
2017-10-04	CVE-2017-14491	Out-of-bounds Write vulnerability in multiple products Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. network low complexity thekelleys redhat canonical debian opensuse suse nvidia huawei arista siemens arubanetworks synology CWE-787 critical	9.8
2017-10-03	CVE-2017-14493	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request. network low complexity redhat debian canonical opensuse thekelleys CWE-119 critical	9.8
2017-09-28	CVE-2015-3138	Improper Input Validation vulnerability in multiple products print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash). network low complexity tcpdump opensuse opensuse-project CWE-20	5.0
2017-08-28	CVE-2017-6594	Improper Certificate Validation vulnerability in multiple products The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets. network low complexity heimdal-project opensuse CWE-295	5.0
2017-08-07	CVE-2014-3462	Information Exposure vulnerability in multiple products The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes". network low complexity opensuse encfs-project CWE-200	5.0
2017-08-02	CVE-2015-5203	Double Free vulnerability in multiple products Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. local low complexity fedoraproject opensuse-project opensuse jasper-project CWE-415	5.5