Vulnerabilities > Redhat > Enterprise Linux Server EUS > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-05 | CVE-2017-1000083 | backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename. | 6.8 |
| 2017-08-31 | CVE-2017-0902 | Origin Validation Error vulnerability in multiple products RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls. | 6.8 |
| 2017-08-31 | CVE-2017-0901 | Improper Input Validation vulnerability in multiple products RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem. | 6.4 |
| 2017-08-31 | CVE-2017-0900 | Improper Input Validation vulnerability in multiple products RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command. | 5.0 |
| 2017-08-22 | CVE-2017-5208 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of service (application crash) or the possibility of execution of arbitrary code. | 6.8 |
| 2017-08-08 | CVE-2017-3641 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). | 4.9 |
| 2017-08-08 | CVE-2017-3636 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). | 4.6 |
| 2017-08-07 | CVE-2015-7852 | Improper Input Validation vulnerability in NTP ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets. | 4.3 |
| 2017-08-07 | CVE-2015-7704 | Improper Input Validation vulnerability in multiple products The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages. | 5.0 |
| 2017-08-07 | CVE-2015-7702 | Improper Input Validation vulnerability in NTP The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). | 4.0 |