Redhat Enterprise Linux Server Aus vulnerabilities

1,056 known vulnerabilities affecting redhat/enterprise_linux_server_aus.

Total CVEs

1,056

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL214HIGH358MEDIUM415LOW69

Vulnerabilities

Page 36 of 53

CVE-2017-10198MEDIUMCVSS 6.8v7.3v7.4+2 more2017-08-08

CVE-2017-10198 [MEDIUM] CVE-2017-10198: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: S Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE

nvd

CVE-2017-3651MEDIUMCVSS 4.3v7.4v7.6+1 more2017-08-08

CVE-2017-3651 [MEDIUM] CVE-2017-3651: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Suppor Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this v

nvd

CVE-2017-10243MEDIUMCVSS 6.5v7.3v7.4+2 more2017-08-08

CVE-2017-10243 [MEDIUM] CVE-2017-10243: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: J Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Ja

nvd

CVE-2017-10109MEDIUMCVSS 5.3v7.3v7.4+2 more2017-08-08

CVE-2017-10109 [MEDIUM] CVE-2017-10109: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: S Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java

nvd

CVE-2017-10135MEDIUMCVSS 5.9v7.3v7.4+2 more2017-08-08

CVE-2017-10135 [MEDIUM] CVE-2017-10135: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: J Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Jav

nvd

CVE-2017-10053MEDIUMCVSS 5.3v7.3v7.4+2 more2017-08-08

CVE-2017-10053 [MEDIUM] CVE-2017-10053: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java S

nvd

CVE-2017-3653LOWCVSS 3.1v7.6v7.72017-08-08

CVE-2017-3653 [LOW] CVE-2017-3653: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported v Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnera

nvd

CVE-2017-10193LOWCVSS 3.1v7.3v7.4+2 more2017-08-08

CVE-2017-10193 [LOW] CVE-2017-10193: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful

nvd

CVE-2015-7704HIGHCVSS 7.5v6.5v6.6+4 more2017-08-07

CVE-2015-7704 [HIGH] CWE-20 CVE-2015-7704: The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.

nvd

CVE-2015-7691HIGHCVSS 7.5v7.3v7.4+2 more2017-08-07

CVE-2015-7691 [HIGH] CVE-2015-7691: The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.

nvd

CVE-2015-7692HIGHCVSS 7.5v7.3v7.4+2 more2017-08-07

CVE-2015-7692 [HIGH] CVE-2015-7692: The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.

nvd

CVE-2015-7701HIGHCVSS 7.5v7.3v7.4+2 more2017-08-07

CVE-2015-7701 [HIGH] CWE-772 CVE-2015-7701: Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.7 Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption).

nvd

CVE-2015-7852MEDIUMCVSS 5.9v7.3v7.4+2 more2017-08-07

CVE-2015-7852 [MEDIUM] CWE-20 CVE-2015-7852: ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets.

nvd

CVE-2015-7702MEDIUMCVSS 6.5v7.3v7.4+2 more2017-08-07

CVE-2015-7702 [MEDIUM] CVE-2015-7702: The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.

nvd

CVE-2017-10664HIGHCVSS 7.5v7.4v7.6+1 more2017-08-02

CVE-2017-10664 [HIGH] CVE-2017-10664: qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to caus qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt.

nvd

CVE-2016-8743HIGHCVSS 7.5v7.3v7.4+2 more2017-07-27

CVE-2016-8743 [HIGH] CVE-2016-8743: Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accept Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventio

nvd

CVE-2017-7980HIGHCVSS 7.8v7.3v7.4+1 more2017-07-25

CVE-2017-7980 [HIGH] CWE-119 CVE-2017-7980: Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation.

nvd

CVE-2015-3149MEDIUMCVSS 5.5v6.62017-07-25

CVE-2015-3149 [MEDIUM] CWE-59 CVE-2015-3149: The Hotspot component in OpenJDK8 as packaged in Red Hat Enterprise Linux 6 and 7 allows local users The Hotspot component in OpenJDK8 as packaged in Red Hat Enterprise Linux 6 and 7 allows local users to write to arbitrary files via a symlink attack.

nvd

CVE-2015-7703HIGHCVSS 7.5v7.3v7.4+2 more2017-07-24

CVE-2015-7703 [HIGH] CWE-20 CVE-2015-7703: The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, w The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command.

nvd

CVE-2017-10978HIGHCVSS 7.5v7.4v7.6+1 more2017-07-17

CVE-2017-10978 [HIGH] CWE-119 CVE-2017-10978: An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overfl An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service.

nvd

← Previous36 / 53Next →