High

DATE	CVE	VULNERABILITY TITLE	RISK
2017-03-23	CVE-2016-1602	Code Injection vulnerability in Suse products A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attackers to execute code as the user running supportconfig (usually root). local low complexity suse CWE-94	7.8
2017-03-17	CVE-2014-9854	Resource Management Errors vulnerability in multiple products coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image." network low complexity imagemagick opensuse suse canonical CWE-399	7.5
2016-12-23	CVE-2016-7966	Code Injection vulnerability in multiple products Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. network low complexity kde debian fedoraproject suse CWE-94	7.3
2016-09-20	CVE-2015-8931	Integer Overflow or Wraparound vulnerability in multiple products Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior. local low complexity libarchive suse canonical debian CWE-190	7.8
2016-09-20	CVE-2015-8930	Improper Input Validation vulnerability in multiple products bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself. network low complexity suse libarchive canonical CWE-20	7.5
2016-07-23	CVE-2016-5131	Use After Free vulnerability in multiple products Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. network low complexity google xmlsoft apple canonical redhat suse opensuse debian CWE-416	8.8
2016-07-05	CVE-2016-4957	NULL Pointer Dereference vulnerability in multiple products ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. network low complexity ntp oracle novell suse opensuse CWE-476	7.5
2016-07-05	CVE-2016-4954	Race Condition vulnerability in multiple products The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication. network low complexity ntp oracle suse opensuse siemens CWE-362	7.5
2016-07-05	CVE-2016-4953	Improper Authentication vulnerability in multiple products ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time. network low complexity ntp oracle suse opensuse siemens CWE-287	7.5
2016-06-27	CVE-2016-5244	Information Exposure vulnerability in multiple products The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message. network low complexity fedoraproject suse redhat linux CWE-200	7.5