Redhat Enterprise Linux Server vulnerabilities

1,891 known vulnerabilities affecting redhat/enterprise_linux_server.

Total CVEs

1,891

CISA KEV

actively exploited

Public exploits

134

Exploited in wild

Severity breakdown

CRITICAL347HIGH710MEDIUM734LOW100

Vulnerabilities

Page 53 of 95

CVE-2017-5069MEDIUMCVSS 6.1v6.02017-10-27

CVE-2017-5069 [MEDIUM] CWE-79 CVE-2017-5069: Incorrect MIME type of XSS-Protection reports in Blink in Google Chrome prior to 58.0.3029.81 for Li Incorrect MIME type of XSS-Protection reports in Blink in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to circumvent Cross-Origin Resource Sharing checks via a crafted HTML page.

nvd

CVE-2017-5107MEDIUMCVSS 5.3v6.02017-10-27

CVE-2017-5107 [MEDIUM] CWE-203 CVE-2017-5107: A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe'd via a crafted HTML page.

nvd

CVE-2017-5093MEDIUMCVSS 6.5v6.02017-10-27

CVE-2017-5093 [MEDIUM] CWE-20 CVE-2017-5093: Inappropriate implementation in modal dialog handling in Blink in Google Chrome prior to 60.0.3112.7 Inappropriate implementation in modal dialog handling in Blink in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to prevent a full screen warning from being displayed via a crafted HTML page.

nvd

CVE-2017-5104MEDIUMCVSS 6.5v6.02017-10-27

CVE-2017-5104 [MEDIUM] CWE-20 CVE-2017-5104: Inappropriate implementation in interstitials in Google Chrome prior to 60.0.3112.78 for Mac allowed Inappropriate implementation in interstitials in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to spoof the contents of the omnibox via a crafted HTML page.

nvd

CVE-2017-5086MEDIUMCVSS 6.5v6.02017-10-27

CVE-2017-5086 [MEDIUM] CWE-20 CVE-2017-5086: Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.86 for Windows and Ma Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.86 for Windows and Mac allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

nvd

CVE-2017-5075MEDIUMCVSS 4.3v6.02017-10-27

CVE-2017-5075 [MEDIUM] CWE-200 CVE-2017-5075: Inappropriate implementation in CSP reporting in Blink in Google Chrome prior to 59.0.3071.86 for Li Inappropriate implementation in CSP reporting in Blink in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to obtain the value of url fragments via a crafted HTML page.

nvd

CVE-2017-5065MEDIUMCVSS 4.7v6.02017-10-27

CVE-2017-5065 [MEDIUM] CWE-20 CVE-2017-5065: Lack of an appropriate action on page navigation in Blink in Google Chrome prior to 58.0.3029.81 for Lack of an appropriate action on page navigation in Blink in Google Chrome prior to 58.0.3029.81 for Windows and Mac allowed a remote attacker to potentially confuse a user into making an incorrect security decision via a crafted HTML page.

nvd

CVE-2017-5081LOWCVSS 3.3v6.02017-10-27

CVE-2017-5081 [LOW] CWE-20 CVE-2017-5081: Lack of verification of an extension's locale folder in Google Chrome prior to 59.0.3071.86 for Mac, Lack of verification of an extension's locale folder in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed an attacker with local write access to modify extensions by modifying extension files.

nvd

CVE-2017-15906MEDIUMCVSS 5.3v7.02017-10-26

CVE-2017-15906 [MEDIUM] CWE-732 CVE-2017-15906: The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write ope The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.

nvd

CVE-2017-12613HIGHCVSS 7.1v6.0v7.02017-10-24

CVE-2017-12613 [HIGH] CWE-125 CVE-2017-12613: When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value i When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may rep

nvd

CVE-2017-11292HIGHCVSS 8.8KEVv6.02017-10-22

CVE-2017-11292 [HIGH] CWE-843 CVE-2017-11292: Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, whic Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution.

nvd

CVE-2017-10346CRITICALCVSS 9.6v6.0v7.02017-10-19

CVE-2017-10346 [CRITICAL] CVE-2017-10346: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Success

nvd

CVE-2017-10285CRITICALCVSS 9.6v6.0v7.02017-10-19

CVE-2017-10285 [CRITICAL] CVE-2017-10285: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supp Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful

nvd

CVE-2017-10388HIGHCVSS 7.5v6.0v7.02017-10-19

CVE-2017-10388 [HIGH] CVE-2017-10388: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries) Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attac

nvd

CVE-2017-10309HIGHCVSS 7.1PoCv6.0v7.02017-10-19

CVE-2017-10309 [HIGH] CVE-2017-10309: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versi Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker

nvd

CVE-2017-10357MEDIUMCVSS 5.3v6.0v7.02017-10-19

CVE-2017-10357 [MEDIUM] CVE-2017-10357: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serializat Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Su

nvd

CVE-2017-10350MEDIUMCVSS 5.3v6.0v7.02017-10-19

CVE-2017-10350 [MEDIUM] CVE-2017-10350: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS). S Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attac

nvd

CVE-2017-10379MEDIUMCVSS 6.5v7.02017-10-19

CVE-2017-10379 [MEDIUM] CWE-863 CVE-2017-10379: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Support Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks

nvd

CVE-2017-10349MEDIUMCVSS 5.3v6.0v7.02017-10-19

CVE-2017-10349 [MEDIUM] CVE-2017-10349: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Sup Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful

nvd

CVE-2017-10384MEDIUMCVSS 6.5v7.02017-10-19

CVE-2017-10384 [MEDIUM] CVE-2017-10384: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported v Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerabi

nvd

← Previous53 / 95Next →