Fedoraproject ≫ Fedora

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option,...

JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service.

A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progress...

elog 3.1.1 allows remote attackers to post data as any username in the logbook.

Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords.

libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart).

The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key.

server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private key.

game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash).

game-music-emu before 0.6.1 mishandles unspecified integer values.