Redhat

Enterprise Linux Server Aus

1059 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2015-5740

  • EPSS 4.27%
  • Veröffentlicht 18.10.2017 20:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers.

9.8

CVE-2017-0903

  • EPSS 5.55%
  • Veröffentlicht 11.10.2017 18:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalat...

9.8

CVE-2017-15041

  • EPSS 3.82%
  • Veröffentlicht 05.10.2017 21:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git repository. I...

7.8

CVE-2017-1000111

  • EPSS 0.06%
  • Veröffentlicht 05.10.2017 01:29:04
  • Zuletzt bearbeitet 13.05.2026 00:24:29

Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_...

7.5

CVE-2017-1000115

  • EPSS 2.14%
  • Veröffentlicht 05.10.2017 01:29:04
  • Zuletzt bearbeitet 13.05.2026 00:24:29

Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository

10

CVE-2017-1000116

  • EPSS 5.58%
  • Veröffentlicht 05.10.2017 01:29:04
  • Zuletzt bearbeitet 13.05.2026 00:24:29

Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.

8.1

CVE-2017-12617

Warnung Exploit
  • EPSS 94.38%
  • Veröffentlicht 04.10.2017 01:29:02
  • Zuletzt bearbeitet 21.04.2026 17:03:52

When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload ...

5.5

CVE-2015-7837

  • EPSS 0.07%
  • Veröffentlicht 19.09.2017 16:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secur...

8.1

CVE-2017-12615

Warnung Exploit
  • EPSS 94.2%
  • Veröffentlicht 19.09.2017 13:29:00
  • Zuletzt bearbeitet 21.04.2026 17:04:04

When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP...

9.8

CVE-2017-12896

  • EPSS 2.06%
  • Veröffentlicht 14.09.2017 06:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print().