Vulnerabilities > Redhat > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-06 | CVE-2015-3163 | Improper Access Control vulnerability in Redhat Beaker The admin pages for power types and key types in Beaker before 20.1 do not have any access controls, which allows remote authenticated users to modify power types and key types via navigating to $BEAKER/powertypes and $BEAKER/keytypes respectively. | 4.3 |
| 2017-08-28 | CVE-2014-8163 | Path Traversal vulnerability in Redhat Satellite 5.0 Directory traversal vulnerability in the XMLRPC interface in Red Hat Satellite 5. | 6.5 |
| 2017-08-28 | CVE-2014-8168 | Improper Access Control vulnerability in Redhat Satellite 6.0 Red Hat Satellite 6 allows local users to access mongod and delete pulp_database. | 6.1 |
| 2017-08-28 | CVE-2014-0141 | Cross-site Scripting vulnerability in Redhat Satellite 6.0.3 Cross-site scripting (XSS) vulnerability in Red Hat Satellite 6.0.3. | 6.1 |
| 2017-08-24 | CVE-2015-5293 | Improper Access Control vulnerability in Redhat Enterprise Virtualization Manager Red Hat Enterprise Virtualization Manager 3.6 and earlier gives valid SLAAC IPv6 addresses to interfaces when "boot protocol" is set to None, which might allow remote attackers to communicate with a system designated to be unreachable. | 5.9 |
| 2017-08-22 | CVE-2016-6311 | Information Exposure vulnerability in Redhat Jboss Enterprise Application Platform 7.0 Get requests in JBoss Enterprise Application Platform (EAP) 7 disclose internal IP addresses to remote attackers. | 5.3 |
| 2017-08-22 | CVE-2016-6310 | Information Exposure vulnerability in Redhat Enterprise Virtualization oVirt Engine discloses the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in /var/log/ovirt-engine/engine.log file in RHEV before 4.0. | 5.5 |
| 2017-08-10 | CVE-2016-6794 | When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. | 5.3 |
| 2017-08-10 | CVE-2016-0762 | Information Exposure Through Discrepancy vulnerability in multiple products The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. | 5.9 |
| 2017-08-08 | CVE-2017-3651 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). | 4.3 |