Vulnerabilities > Redhat > Enterprise Linux Server AUS > 7.6

DATE CVE VULNERABILITY TITLE RISK
2017-10-18 CVE-2015-5739 HTTP Request Smuggling vulnerability in multiple products
The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" instead of "Content-Length."
network
low complexity
golang fedoraproject redhat CWE-444
critical
 9.8
9.8
2017-10-11 CVE-2017-0903 Deserialization of Untrusted Data vulnerability in multiple products
RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability.
network
low complexity
rubygems debian canonical redhat CWE-502
critical
 9.8
9.8
2017-10-05 CVE-2017-15041 Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution.
network
low complexity
golang debian redhat
critical
 9.8
9.8
2017-10-05 CVE-2017-1000116 OS Command Injection vulnerability in multiple products
Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.
network
low complexity
mercurial debian redhat CWE-78
critical
 9.8
9.8
2017-10-05 CVE-2017-1000115 Link Following vulnerability in multiple products
Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository
network
low complexity
mercurial debian redhat CWE-59
7.5
7.5
2017-10-05 CVE-2017-1000111 Out-of-bounds Write vulnerability in multiple products
Linux kernel: heap out-of-bounds in AF_PACKET sockets.
local
low complexity
linux redhat debian CWE-787
7.8
7.8
2017-10-04 CVE-2017-12617 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g.
network
high complexity
apache canonical oracle debian netapp redhat CWE-434
8.1
8.1
2017-09-19 CVE-2017-12615 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g.
network
high complexity
apache netapp redhat CWE-434
8.1
8.1
2017-09-14 CVE-2017-12987 Out-of-bounds Read vulnerability in multiple products
The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements().
network
low complexity
tcpdump redhat debian CWE-125
critical
 9.8
9.8
2017-09-14 CVE-2017-12902 Out-of-bounds Read vulnerability in multiple products
The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several functions.
network
low complexity
tcpdump redhat debian CWE-125
critical
 9.8
9.8