Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-05 | CVE-2017-2295 | Deserialization of Untrusted Data vulnerability in multiple products Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with a attacker-specified format. | 8.2 |
| 2017-07-05 | CVE-2017-2294 | Information Exposure vulnerability in Puppet Enterprise Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 failed to mark MCollective server private keys as sensitive (a feature added in Puppet 4.6), so key values could be logged and stored in PuppetDB. | 7.5 |
| 2017-07-05 | CVE-2017-10929 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Radare Radare2 1.5.0 The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, possibly related to a read overflow in the grub_disk_read_small_real function in kern/disk.c in GNU GRUB 2.02. | 7.8 |
| 2017-07-05 | CVE-2017-10928 | Out-of-bounds Read vulnerability in Imagemagick 7.0.60 In ImageMagick 7.0.6-0, a heap-based buffer over-read in the GetNextToken function in token.c allows remote attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document that is mishandled in the GetUserSpaceCoordinateValue function in coders/svg.c. | 8.8 |
| 2017-07-05 | CVE-2017-10922 | Resource Exhaustion vulnerability in XEN The grant-table feature in Xen through 4.8.x mishandles MMIO region grant references, which allows guest OS users to cause a denial of service (loss of grant trackability), aka XSA-224 bug 3. | 7.5 |
| 2017-07-05 | CVE-2017-10916 | Information Exposure vulnerability in XEN The vCPU context-switch implementation in Xen through 4.8.x improperly interacts with the Memory Protection Extensions (MPX) and Protection Key (PKU) features, which makes it easier for guest OS users to defeat ASLR and other protection mechanisms, aka XSA-220. | 7.5 |
| 2017-07-05 | CVE-2017-10914 | Double Free vulnerability in XEN The grant-table feature in Xen through 4.8.x has a race condition leading to a double free, which allows guest OS users to cause a denial of service (memory consumption), or possibly obtain sensitive information or gain privileges, aka XSA-218 bug 2. | 8.1 |
| 2017-07-04 | CVE-2017-10810 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel through 4.11.8 allows attackers to cause a denial of service (memory consumption) by triggering object-initialization failures. | 7.5 |
| 2017-07-04 | CVE-2017-10805 | Incorrect Authorization vulnerability in Odoo 10.0/8.0/9.0 In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, incorrect access control on OAuth tokens in the OAuth module allows remote authenticated users to hijack OAuth sessions of other users. | 8.8 |
| 2017-07-03 | CVE-2017-5944 | Improper Input Validation vulnerability in Bestpractical Request Tracker The dashboard subscription interface in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 might allow remote authenticated users with certain privileges to execute arbitrary code via a crafted saved search name. | 8.8 |