Enterprise Linux Server

DATE	CVE	VULNERABILITY TITLE	RISK
2017-10-19	CVE-2017-10295	Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). network high complexity oracle debian redhat netapp	4.0
2017-10-19	CVE-2017-10285	Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). network low complexity oracle debian redhat netapp critical	9.6
2017-10-19	CVE-2017-10281	Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). network low complexity oracle debian redhat netapp	5.3
2017-10-19	CVE-2017-10274	Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Smart Card IO). network high complexity oracle debian redhat netapp	6.8
2017-10-19	CVE-2017-10268	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). local high complexity oracle debian redhat mariadb netapp	4.1
2017-10-18	CVE-2015-5740	HTTP Request Smuggling vulnerability in multiple products The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers. network low complexity golang fedoraproject redhat CWE-444 critical	9.8
2017-10-18	CVE-2015-5739	HTTP Request Smuggling vulnerability in multiple products The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" instead of "Content-Length." network low complexity golang fedoraproject redhat CWE-444 critical	9.8
2017-10-17	CVE-2017-13088	Use of Insufficiently Random Values vulnerability in multiple products Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients. high complexity debian freebsd canonical opensuse redhat w1-fi suse CWE-330	5.3
2017-10-17	CVE-2017-13087	Use of Insufficiently Random Values vulnerability in multiple products Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients. high complexity debian freebsd canonical opensuse redhat w1-fi suse CWE-330	5.3
2017-10-17	CVE-2017-13086	Use of Insufficiently Random Values vulnerability in multiple products Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. high complexity debian freebsd canonical opensuse redhat w1-fi suse CWE-330	6.8