Vulnerabilities > Redhat > Enterprise Linux Server AUS

DATE CVE VULNERABILITY TITLE RISK
2017-10-19 CVE-2017-10274 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Smart Card IO).
network
high complexity
oracle debian redhat netapp
6.8
6.8
2017-10-19 CVE-2017-10268 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication).
local
high complexity
oracle debian redhat mariadb netapp
4.1
4.1
2017-10-18 CVE-2015-5740 HTTP Request Smuggling vulnerability in multiple products
The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers.
network
low complexity
golang fedoraproject redhat CWE-444
critical
 9.8
9.8
2017-10-18 CVE-2015-5739 HTTP Request Smuggling vulnerability in multiple products
The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" instead of "Content-Length."
network
low complexity
golang fedoraproject redhat CWE-444
critical
 9.8
9.8
2017-10-11 CVE-2017-0903 Deserialization of Untrusted Data vulnerability in multiple products
RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability.
network
low complexity
rubygems debian canonical redhat CWE-502
critical
 9.8
9.8
2017-10-05 CVE-2017-15041 Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution.
network
low complexity
golang debian redhat
critical
 9.8
9.8
2017-10-05 CVE-2017-1000116 OS Command Injection vulnerability in multiple products
Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.
network
low complexity
mercurial debian redhat CWE-78
critical
 9.8
9.8
2017-10-05 CVE-2017-1000115 Link Following vulnerability in multiple products
Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository
network
low complexity
mercurial debian redhat CWE-59
7.5
7.5
2017-10-05 CVE-2017-1000111 Out-of-bounds Write vulnerability in multiple products
Linux kernel: heap out-of-bounds in AF_PACKET sockets.
local
low complexity
linux redhat debian CWE-787
7.8
7.8
2017-10-04 CVE-2017-12617 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g.
network
high complexity
apache canonical oracle debian netapp redhat CWE-434
8.1
8.1