High

DATE	CVE	VULNERABILITY TITLE	RISK
2017-09-14	CVE-2017-12987	Out-of-bounds Read vulnerability in multiple products The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements(). network low complexity tcpdump debian redhat CWE-125	7.5
2017-09-14	CVE-2017-12902	Out-of-bounds Read vulnerability in multiple products The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several functions. network low complexity tcpdump debian redhat CWE-125	7.5
2017-09-14	CVE-2017-12899	Out-of-bounds Read vulnerability in multiple products The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print(). network low complexity tcpdump debian redhat CWE-125	7.5
2017-09-14	CVE-2017-12896	Out-of-bounds Read vulnerability in multiple products The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print(). network low complexity tcpdump debian redhat CWE-125	7.5
2017-09-12	CVE-2017-1000251	Out-of-bounds Write vulnerability in multiple products The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space. low complexity linux debian nvidia redhat CWE-787	8.0
2017-08-31	CVE-2017-0899	Code Injection vulnerability in multiple products RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. network low complexity rubygems debian redhat CWE-94	7.5
2017-08-31	CVE-2017-14064	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ruby-Lang Ruby Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. network low complexity ruby-lang debian canonical redhat CWE-119	7.5
2017-08-23	CVE-2017-11610	Incorrect Default Permissions vulnerability in multiple products The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups. network low complexity supervisord fedoraproject debian redhat CWE-276	8.8
2017-08-19	CVE-2017-10661	Use After Free vulnerability in multiple products Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing. local high complexity linux redhat debian CWE-416	7.0
2017-08-11	CVE-2017-3106	Incorrect Type Conversion or Cast vulnerability in multiple products Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. network low complexity redhat adobe CWE-704	8.8