Vulnerabilities > Redhat > Enterprise Linux Server TUS > 7.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-06 | CVE-2015-7529 | Link Following vulnerability in multiple products sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date. | 7.8 |
| 2017-10-24 | CVE-2017-12613 | Out-of-bounds Read vulnerability in multiple products When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input. | 7.1 |
| 2017-10-18 | CVE-2015-5740 | HTTP Request Smuggling vulnerability in multiple products The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers. | 9.8 |
| 2017-10-18 | CVE-2015-5739 | HTTP Request Smuggling vulnerability in multiple products The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" instead of "Content-Length." | 9.8 |
| 2017-09-12 | CVE-2017-1000251 | Out-of-bounds Write vulnerability in multiple products The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space. | 8.0 |
| 2017-08-22 | CVE-2017-5208 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of service (application crash) or the possibility of execution of arbitrary code. | 8.8 |
| 2017-08-08 | CVE-2017-10243 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAX-WS). | 6.5 |
| 2017-08-08 | CVE-2017-10198 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). | 6.8 |
| 2017-08-08 | CVE-2017-10193 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). | 3.1 |
| 2017-08-08 | CVE-2017-10135 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). | 5.9 |