Vulnerabilities > Redhat > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-08 | CVE-2017-10105 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). | 4.3 |
| 2017-08-08 | CVE-2017-10053 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). | 5.3 |
| 2017-08-07 | CVE-2016-3113 | Cross-site Scripting vulnerability in Redhat Ovirt-Engine Cross-site scripting (XSS) vulnerability in ovirt-engine allows remote attackers to inject arbitrary web script or HTML. | 6.1 |
| 2017-08-07 | CVE-2015-7852 | Improper Input Validation vulnerability in multiple products ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets. | 5.9 |
| 2017-08-07 | CVE-2015-7702 | Improper Input Validation vulnerability in multiple products The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). | 6.5 |
| 2017-07-25 | CVE-2015-3149 | Link Following vulnerability in Redhat products The Hotspot component in OpenJDK8 as packaged in Red Hat Enterprise Linux 6 and 7 allows local users to write to arbitrary files via a symlink attack. | 5.5 |
| 2017-07-17 | CVE-2016-6312 | Resource Exhaustion vulnerability in Redhat Enterprise Linux 5.11 The mod_dontdothat component of the mod_dav_svn Apache module in Subversion as packaged in Red Hat Enterprise Linux 5.11 does not properly detect recursion during entity expansion, which allows remote authenticated users with access to the webdav repository to cause a denial of service (memory consumption and httpd crash). | 6.5 |
| 2017-07-17 | CVE-2016-0764 | Race Condition vulnerability in Redhat Networkmanager Race condition in Network Manager before 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows local users to obtain sensitive connection information by reading temporary files during ifcfg and keyfile changes. | 6.2 |
| 2017-06-26 | CVE-2015-3142 | Information Exposure vulnerability in Redhat Automatic BUG Reporting Tool The kernel-invoked coredump processor in Automatic Bug Reporting Tool (ABRT) does not properly check the ownership of files before writing core dumps to them, which allows local users to obtain sensitive information by leveraging write permissions to the working directory of a crashed application. | 4.7 |
| 2017-06-26 | CVE-2015-1870 | Information Exposure vulnerability in Redhat Automatic BUG Reporting Tool The event scripts in Automatic Bug Reporting Tool (ABRT) uses world-readable permission on a copy of sosreport file in problem directories, which allows local users to obtain sensitive information from /var/log/messages via unspecified vectors. | 5.5 |