High

DATE	CVE	VULNERABILITY TITLE	RISK
2017-10-18	CVE-2015-5740	HTTP Request Smuggling vulnerability in multiple products The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers. network low complexity golang fedoraproject redhat CWE-444	7.5
2017-10-18	CVE-2015-5739	HTTP Request Smuggling vulnerability in multiple products The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" instead of "Content-Length." network low complexity golang fedoraproject redhat CWE-444	7.5
2017-10-16	CVE-2015-7687	Use After Free vulnerability in multiple products Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving req_ca_vrfy_smtp and req_ca_vrfy_mta. network low complexity openbsd fedoraproject CWE-416	7.5
2017-10-03	CVE-2017-13704	Improper Input Validation vulnerability in multiple products In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. network low complexity redhat debian novell canonical fedoraproject thekelleys CWE-20	7.5
2017-09-25	CVE-2015-5704	Command Injection vulnerability in multiple products scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands. local low complexity devscripts-devel-team fedoraproject CWE-77	7.2
2017-09-21	CVE-2017-12170	Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to packaging error due to which the original configuration was ignored after update and service started running with default configuration. network low complexity pureftpd fedoraproject	7.5
2017-09-19	CVE-2015-1854	Improper Access Control vulnerability in multiple products 389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call. network low complexity fedoraproject debian CWE-284	7.5
2017-09-07	CVE-2017-6362	Double Free vulnerability in multiple products Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors. network low complexity libgd debian fedoraproject canonical CWE-415	7.5
2017-08-29	CVE-2017-13752	Reachable Assertion vulnerability in multiple products There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. network low complexity jasper-project fedoraproject CWE-617	7.5
2017-08-29	CVE-2017-13751	Reachable Assertion vulnerability in multiple products There is a reachable assertion abort in the function calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. network low complexity jasper-project fedoraproject CWE-617	7.5