High

DATE	CVE	VULNERABILITY TITLE	RISK
2017-02-15	CVE-2016-9560	Out-of-bounds Write vulnerability in multiple products Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image. local low complexity jasper-project debian redhat CWE-787	7.8
2017-02-12	CVE-2017-3302	Use After Free vulnerability in multiple products Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3. network low complexity oracle mariadb debian redhat CWE-416	7.5
2017-02-09	CVE-2017-5848	Out-of-bounds Read vulnerability in multiple products The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing. network low complexity gstreamer-project debian redhat CWE-125	7.5
2017-02-03	CVE-2016-10165	Out-of-bounds Read vulnerability in multiple products The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read. local low complexity littlecms debian canonical opensuse redhat netapp CWE-125	7.1
2017-01-23	CVE-2016-9446	Improper Initialization vulnerability in multiple products The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas. network low complexity gstreamer-project redhat fedoraproject CWE-665	7.5
2017-01-19	CVE-2016-7545	Improper Access Control vulnerability in multiple products SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. local low complexity selinux-project fedoraproject redhat CWE-284	8.8
2017-01-19	CVE-2016-5198	Out-of-bounds Write vulnerability in multiple products V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page. network low complexity google redhat CWE-787	8.8
2017-01-13	CVE-2016-7426	Resource Exhaustion vulnerability in multiple products NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address. network low complexity ntp canonical redhat hpe CWE-400	7.5
2017-01-12	CVE-2016-9131	Improper Input Validation vulnerability in multiple products named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query. network low complexity isc debian redhat netapp CWE-20	7.5
2016-11-08	CVE-2016-7865	Incorrect Type Conversion or Cast vulnerability in multiple products Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. network low complexity adobe redhat CWE-704	8.8