Vulnerabilities > Redhat > Enterprise Linux Server TUS > High

DATE CVE VULNERABILITY TITLE RISK
2017-10-18 CVE-2015-5740 HTTP Request Smuggling vulnerability in multiple products
The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers.
network
low complexity
golang fedoraproject redhat CWE-444
7.5
7.5
2017-10-18 CVE-2015-5739 HTTP Request Smuggling vulnerability in multiple products
The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" instead of "Content-Length."
network
low complexity
golang fedoraproject redhat CWE-444
7.5
7.5
2017-10-11 CVE-2017-0903 Deserialization of Untrusted Data vulnerability in multiple products
RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability.
network
low complexity
rubygems debian canonical redhat CWE-502
7.5
7.5
2017-10-05 CVE-2017-1000111 Out-of-bounds Write vulnerability in multiple products
Linux kernel: heap out-of-bounds in AF_PACKET sockets.
local
low complexity
linux redhat debian CWE-787
7.8
7.8
2017-10-04 CVE-2017-12617 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g.
network
high complexity
apache canonical oracle debian netapp redhat CWE-434
8.1
8.1
2017-09-19 CVE-2017-12615 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g.
network
high complexity
apache netapp redhat CWE-434
8.1
8.1
2017-09-12 CVE-2017-1000251 Out-of-bounds Write vulnerability in multiple products
The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.
low complexity
linux debian nvidia redhat CWE-787
8.0
8.0
2017-08-31 CVE-2017-0899 Code Injection vulnerability in multiple products
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters.
network
low complexity
rubygems debian redhat CWE-94
7.5
7.5
2017-08-31 CVE-2017-14064 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ruby-Lang Ruby
Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call.
network
low complexity
ruby-lang debian canonical redhat CWE-119
7.5
7.5
2017-08-11 CVE-2016-6796 A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.
network
low complexity
apache debian netapp canonical oracle redhat
7.5
7.5