High

DATE	CVE	VULNERABILITY TITLE	RISK
2017-09-14	CVE-2017-1002151	Missing Authorization vulnerability in Redhat Pagure Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due to improper authorization network low complexity redhat CWE-862	7.5
2017-09-13	CVE-2017-7561	HTTP Request Smuggling vulnerability in Redhat Jboss Enterprise Application Platform Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact. network low complexity redhat CWE-444	7.5
2017-09-12	CVE-2017-1000251	Out-of-bounds Write vulnerability in multiple products The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space. low complexity linux debian nvidia redhat CWE-787	8.0
2017-09-05	CVE-2017-1000083	backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename. local low complexity gnome debian redhat	7.8
2017-08-31	CVE-2017-0902	Origin Validation Error vulnerability in multiple products RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls. network high complexity rubygems debian canonical redhat CWE-346	8.1
2017-08-31	CVE-2017-0901	Improper Input Validation vulnerability in multiple products RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem. network low complexity rubygems debian canonical redhat CWE-20	7.5
2017-08-31	CVE-2017-0900	Improper Input Validation vulnerability in multiple products RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command. network low complexity rubygems debian redhat CWE-20	7.5
2017-08-23	CVE-2017-11610	Incorrect Default Permissions vulnerability in multiple products The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups. network low complexity supervisord fedoraproject debian redhat CWE-276	8.8
2017-08-22	CVE-2017-5208	Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of service (application crash) or the possibility of execution of arbitrary code. network low complexity icoutils-project debian redhat CWE-190	8.8
2017-08-19	CVE-2017-10661	Use After Free vulnerability in multiple products Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing. local high complexity linux redhat debian CWE-416	7.0