Vulnerabilities > Redhat

DATE CVE VULNERABILITY TITLE RISK
2017-04-24 CVE-2017-3453 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer).
network
low complexity
oracle debian mariadb redhat
6.5
6.5
2017-04-24 CVE-2017-3309 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer).
network
low complexity
oracle debian mariadb redhat
7.7
7.7
2017-04-24 CVE-2017-3308 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML).
network
low complexity
oracle debian mariadb redhat
7.7
7.7
2017-04-21 CVE-2016-3702 Information Exposure vulnerability in Redhat Cloudforms Management Engine 5.0
Padding oracle flaw in CloudForms Management Engine (aka CFME) 5 allows remote attackers to obtain sensitive cleartext information.
network
low complexity
redhat CWE-200
5.3
5.3
2017-04-21 CVE-2016-6519 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form.
network
low complexity
redhat openstack CWE-79
5.4
5.4
2017-04-21 CVE-2016-0721 Session Fixation vulnerability in multiple products
Session fixation vulnerability in pcsd in pcs before 0.9.157.
network
low complexity
clusterlabs redhat fedoraproject CWE-384
8.1
8.1
2017-04-21 CVE-2016-0720 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149.
network
low complexity
clusterlabs redhat fedoraproject CWE-352
8.8
8.8
2017-04-20 CVE-2016-5401 Cross-Site Request Forgery (CSRF) vulnerability in Redhat Jboss BPM Suite and Jboss Enterprise Brms Platform
Cross-site request forgery (CSRF) vulnerability in Red Hat JBoss BRMS and BPMS 6 allows remote attackers to hijack the authentication of users for requests that modify instances via a crafted web page.
network
low complexity
redhat CWE-352
8.8
8.8
2017-04-20 CVE-2016-6347 Cross-site Scripting vulnerability in Redhat Resteasy
Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
redhat CWE-79
6.1
6.1
2017-04-20 CVE-2016-6338 Improper Access Control vulnerability in Redhat Enterprise Virtualization 4.0
ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Manager (aka RHEV-M) for Servers and RHEV-M 4.0, allows physically proximate attackers to bypass a webadmin session timeout restriction via vectors related to UI selections, which trigger repeating queries.
low complexity
redhat CWE-284
6.8
6.8