High

DATE	CVE	VULNERABILITY TITLE	RISK
2017-06-13	CVE-2016-5391	NULL Pointer Dereference vulnerability in multiple products libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart). network low complexity libreswan fedoraproject CWE-476	7.5
2017-06-13	CVE-2016-3704	Credentials Management vulnerability in multiple products Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords. network low complexity fedoraproject pulpproject CWE-255	7.5
2017-06-01	CVE-2017-8386	git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character. network low complexity git opensuse debian canonical fedoraproject	8.8
2017-05-23	CVE-2016-5177	Use After Free vulnerability in multiple products Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors. network low complexity google opensuse debian redhat fedoraproject CWE-416	8.8
2017-04-21	CVE-2016-0721	Session Fixation vulnerability in multiple products Session fixation vulnerability in pcsd in pcs before 0.9.157. network low complexity clusterlabs redhat fedoraproject CWE-384	8.1
2017-04-21	CVE-2016-0720	Cross-Site Request Forgery (CSRF) vulnerability in multiple products Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149. network low complexity clusterlabs redhat fedoraproject CWE-352	8.8
2017-04-14	CVE-2016-6299	Permissions, Privileges, and Access Controls vulnerability in multiple products The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file. local low complexity fedoraproject mock-project CWE-264	7.8
2017-04-13	CVE-2015-8567	Memory Leak vulnerability in multiple products Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption). network low complexity qemu canonical debian suse opensuse fedoraproject CWE-401	7.7
2017-03-31	CVE-2014-9114	Command Injection vulnerability in multiple products Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code. local low complexity opensuse fedoraproject kernel CWE-77	7.8
2017-03-27	CVE-2016-9243	HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size. network low complexity cryptography-io fedoraproject canonical	7.5