Vulnerabilities > Redhat > Enterprise Linux Server
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-27 | CVE-2017-5054 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to obtain heap memory contents via a crafted HTML page. | 8.8 |
| 2017-10-27 | CVE-2017-5053 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to Array.prototype.indexOf. | 9.6 |
| 2017-10-27 | CVE-2017-5052 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An incorrect assumption about block structure in Blink in Google Chrome prior to 57.0.2987.133 for Mac, Windows, and Linux, and 57.0.2987.132 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page that triggers improper casting. | 8.8 |
| 2017-10-26 | CVE-2017-15906 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. | 5.3 |
| 2017-10-24 | CVE-2017-12613 | Out-of-bounds Read vulnerability in multiple products When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input. | 7.1 |
| 2017-10-22 | CVE-2017-11292 | Type Confusion vulnerability in multiple products Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. | 8.8 |
| 2017-10-19 | CVE-2017-10388 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). | 7.5 |
| 2017-10-19 | CVE-2017-10384 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). | 6.5 |
| 2017-10-19 | CVE-2017-10379 | Incorrect Authorization vulnerability in multiple products Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). | 6.5 |
| 2017-10-19 | CVE-2017-10378 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). | 6.5 |