High

DATE	CVE	VULNERABILITY TITLE	RISK
2017-04-21	CVE-2016-0721	Session Fixation vulnerability in multiple products Session fixation vulnerability in pcsd in pcs before 0.9.157. network low complexity clusterlabs redhat fedoraproject CWE-384	8.1
2017-04-21	CVE-2016-0720	Cross-Site Request Forgery (CSRF) vulnerability in multiple products Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149. network low complexity clusterlabs redhat fedoraproject CWE-352	8.8
2017-04-14	CVE-2016-6299	Permissions, Privileges, and Access Controls vulnerability in multiple products The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file. local low complexity fedoraproject mock-project CWE-264	7.8
2017-03-31	CVE-2014-9114	Command Injection vulnerability in multiple products Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code. local low complexity opensuse fedoraproject kernel CWE-77	7.8
2017-03-27	CVE-2016-9243	HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size. network low complexity cryptography-io fedoraproject canonical	7.5
2017-03-27	CVE-2017-5330	OS Command Injection vulnerability in multiple products ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications. local low complexity fedoraproject kde CWE-78	7.8
2017-03-24	CVE-2016-10132	NULL Pointer Dereference vulnerability in multiple products regexp.c in Artifex Software, Inc. network low complexity artifex fedoraproject CWE-476	7.5
2017-03-23	CVE-2016-9399	Reachable Assertion vulnerability in multiple products The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. network low complexity jasper-project fedoraproject opensuse CWE-617	7.5
2017-03-23	CVE-2016-9398	Reachable Assertion vulnerability in multiple products The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. network low complexity jasper-project fedoraproject suse opensuse CWE-617	7.5
2017-03-23	CVE-2016-9397	Reachable Assertion vulnerability in multiple products The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. network low complexity jasper-project fedoraproject CWE-617	7.5