Red Hat Enterprise Linux Workstation vulnerabilities

1,845 known vulnerabilities affecting redhat/enterprise_linux_workstation.

Total CVEs: 1,845
CISA KEV: 57 (actively exploited)
Public exploits: 136
Exploited in wild: 62
Severity breakdown: CRITICAL 335, HIGH 699, MEDIUM 713, LOW 98

Vulnerabilities

CVE-2017-0899 | CRITICAL | CVSS 9.8 | v7.0 | 2017-08-31
CWE-150. RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.
nvd
CVE-2017-0900 | HIGH | CVSS 7.5 | v7.0 | 2017-08-31
CWE-20. RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command.
nvd
CVE-2017-0902 | HIGH | CVSS 8.1 | v7.0 | 2017-08-31
CWE-350. RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls.
nvd
CVE-2017-0901 | HIGH | CVSS 7.5 | PoC | v7.0 | 2017-08-31
CWE-22. RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.
nvd
CVE-2017-5208 | HIGH | CVSS 8.8 | v7.0 | 2017-08-22
CWE-190. Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of service (application crash) or the possibility of execution of arbitrary code.
nvd
CVE-2016-6796 | HIGH | CVSS 7.5 | v7.0 | 2017-08-11
A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.
nvd
CVE-2017-3106 | HIGH | CVSS 8.8 | PoC | v6.0 | 2017-08-11
CWE-704. Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Successful exploitation could lead to arbitrary code execution.
nvd
CVE-2017-3085 | HIGH | CVSS 7.4 | v6.0 | 2017-08-11
CWE-601. Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect.
nvd
CVE-2016-5018 | CRITICAL | CVSS 9.1 | PoC | v7.0 | 2017-08-10
In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.
nvd
CVE-2016-6797 | HIGH | CVSS 7.5 | v7.0 | 2017-08-10
CWE-863. The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resour
nvd
CVE-2016-0762 | MEDIUM | CVSS 5.9 | v7.0 | 2017-08-10
CWE-203. The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm
nvd
CVE-2016-6794 | MEDIUM | CVSS 5.3 | v7.0 | 2017-08-10
When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files could be used by a malicious web application to byp
nvd
CVE-2015-3405 | HIGH | CVSS 7.5 | v6.0 | 2017-08-09
CWE-331. ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.
nvd
CVE-2017-10107 | CRITICAL | CVSS 9.6 | v6.0, v7.0 | 2017-08-08
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful at
nvd
CVE-2017-10087 | CRITICAL | CVSS 9.6 | v6.0, v7.0 | 2017-08-08
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Success
nvd
CVE-2017-10090 | CRITICAL | CVSS 9.6 | v6.0, v7.0 | 2017-08-08
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful att
nvd
CVE-2017-10110 | CRITICAL | CVSS 9.6 | v6.0, v7.0 | 2017-08-08
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the
nvd
CVE-2017-10089 | CRITICAL | CVSS 9.6 | v6.0, v7.0 | 2017-08-08
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than
nvd
CVE-2017-10096 | CRITICAL | CVSS 9.6 | v6.0, v7.0 | 2017-08-08
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful a
nvd
CVE-2017-10102 | CRITICAL | CVSS 9.0 | v6.0, v7.0 | 2017-08-08
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the v
nvd