Vulnerabilities > Fedoraproject > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-24 | CVE-2015-5146 | Improper Input Validation vulnerability in multiple products ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet. | 5.3 |
| 2017-08-22 | CVE-2017-12843 | Improper Input Validation vulnerability in multiple products Cyrus IMAP before 3.0.3 allows remote authenticated users to write to arbitrary files via a crafted (1) SYNCAPPLY, (2) SYNCGET or (3) SYNCRESTORE command. | 6.5 |
| 2017-08-09 | CVE-2017-11368 | Reachable Assertion vulnerability in multiple products In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests. | 6.5 |
| 2017-08-02 | CVE-2015-5203 | Double Free vulnerability in multiple products Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. | 5.5 |
| 2017-07-25 | CVE-2015-5221 | Use After Free vulnerability in multiple products Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. | 5.5 |
| 2017-07-06 | CVE-2017-8932 | Incorrect Calculation vulnerability in multiple products A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. | 5.9 |
| 2017-06-13 | CVE-2016-3696 | Information Exposure vulnerability in multiple products The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key. | 5.5 |
| 2017-06-08 | CVE-2016-3095 | Information Exposure vulnerability in multiple products server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private key. | 5.5 |
| 2017-06-06 | CVE-2016-9960 | Divide By Zero vulnerability in multiple products game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash). | 5.5 |
| 2017-04-13 | CVE-2015-1839 | Data Processing Errors vulnerability in multiple products modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp. | 5.3 |