High

DATE	CVE	VULNERABILITY TITLE	RISK
2017-07-21	CVE-2015-5300	7PK - Time and State vulnerability in multiple products The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart). network low complexity fedoraproject suse opensuse redhat debian canonical ntp CWE-361	7.5
2017-07-21	CVE-2015-5219	Incorrect Type Conversion or Cast vulnerability in multiple products The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet. network low complexity fedoraproject suse redhat debian canonical ntp novell opensuse siemens oracle CWE-704	7.5
2017-07-21	CVE-2015-5195	Improper Input Validation vulnerability in multiple products ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation. network low complexity fedoraproject redhat debian canonical ntp CWE-20	7.5
2017-07-21	CVE-2015-5194	Improper Input Validation vulnerability in multiple products The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands. network low complexity fedoraproject suse redhat debian canonical ntp CWE-20	7.5
2017-07-17	CVE-2017-1000050	NULL Pointer Dereference vulnerability in multiple products JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service. network low complexity jasper-project fedoraproject redhat canonical CWE-476	7.5
2017-07-17	CVE-2017-1000001	Improper Input Validation vulnerability in Fedoraproject Fedmsg FedMsg 0.18.1 and older is vulnerable to a message validation flaw resulting in message validation not being enabled if configured to be on. network low complexity fedoraproject CWE-20	7.5
2017-06-27	CVE-2016-6342	Improper Access Control vulnerability in multiple products elog 3.1.1 allows remote attackers to post data as any username in the logbook. network low complexity fedoraproject elog-project CWE-284	7.5
2017-06-26	CVE-2017-7496	Improper Handling of Exceptional Conditions vulnerability in Fedoraproject ARM Installer 1.99.16 fedora-arm-installer up to and including 1.99.16 is vulnerable to local privilege escalation due to lack of checking the error condition of mount operation failure on unsafely created temporary directories. local high complexity fedoraproject CWE-755	7.0
2017-06-13	CVE-2016-5391	NULL Pointer Dereference vulnerability in multiple products libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart). network low complexity libreswan fedoraproject CWE-476	7.5
2017-06-13	CVE-2016-3704	Credentials Management vulnerability in multiple products Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords. network low complexity fedoraproject pulpproject CWE-255	7.5