Vulnerabilities > Redhat > Low

DATE CVE VULNERABILITY TITLE RISK
2017-08-08 CVE-2017-10193 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security).
network
high complexity
oracle debian netapp redhat
3.1
3.1
2017-08-08 CVE-2017-3653 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL).
network
high complexity
oracle debian redhat mariadb
3.1
3.1
2017-08-07 CVE-2015-7561 Permissions, Privileges, and Access Controls vulnerability in multiple products
Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image.
network
high complexity
kubernetes redhat CWE-264
3.1
3.1
2017-04-24 CVE-2017-3533 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking).
network
high complexity
oracle redhat debian
3.7
3.7
2017-04-24 CVE-2017-3539 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security).
network
high complexity
oracle redhat debian
3.1
3.1
2017-04-24 CVE-2017-3544 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking).
network
high complexity
oracle redhat debian google
3.7
3.7
2017-04-14 CVE-2016-4455 Permissions, Privileges, and Access Controls vulnerability in Redhat products
The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directories.
local
low complexity
redhat CWE-264
3.3
3.3
2017-03-03 CVE-2015-2877 Information Exposure vulnerability in multiple products
Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack.
local
low complexity
linux redhat CWE-200
3.3
3.3
2016-10-25 CVE-2016-1000033 Improper Certificate Validation vulnerability in multiple products
Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks.
network
high complexity
gnome redhat CWE-295
3.7
3.7
2016-10-03 CVE-2016-5432 Information Exposure Through Log Files vulnerability in Redhat Enterprise Virtualization 4.0
The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0 allows local users to obtain sensitive database provisioning information by reading log files.
local
low complexity
redhat CWE-532
3.3
3.3