Vulnerabilities > Redhat > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-04-21 CVE-2016-3702 Information Exposure vulnerability in Redhat Cloudforms Management Engine 5.0
Padding oracle flaw in CloudForms Management Engine (aka CFME) 5 allows remote attackers to obtain sensitive cleartext information.
network
low complexity
redhat CWE-200
5.3
2017-04-21 CVE-2016-6519 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form.
network
low complexity
redhat openstack CWE-79
5.4
2017-04-20 CVE-2016-6347 Cross-site Scripting vulnerability in Redhat Resteasy
Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
redhat CWE-79
6.1
2017-04-20 CVE-2016-6338 Improper Access Control vulnerability in Redhat Enterprise Virtualization 4.0
ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Manager (aka RHEV-M) for Servers and RHEV-M 4.0, allows physically proximate attackers to bypass a webadmin session timeout restriction via vectors related to UI selections, which trigger repeating queries.
low complexity
redhat CWE-284
6.8
2017-04-19 CVE-2016-5410 Improper Authentication vulnerability in multiple products
firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry, or (5) setEntries D-Bus API method.
local
low complexity
firewalld redhat CWE-287
5.5
2017-04-14 CVE-2016-7060 Information Exposure vulnerability in Redhat Quickstart Cloud Installer 1.0
The web interface in Red Hat QuickStart Cloud Installer (QCI) 1.0 does not mask passwords fields, which allows physically proximate attackers to obtain sensitive password information by reading the display.
low complexity
redhat CWE-200
4.6
2017-04-13 CVE-2016-2104 Cross-site Scripting vulnerability in Redhat Satellite 5.7
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the label parameter to admin/BunchDetail.do; (2) the package_name, (3) search_subscribed_channels, or (4) channel_filter parameter to software/packages/NameOverview.do; or unspecified vectors related to (5) <input:hidden> or (6) <bean:message> tags.
network
low complexity
redhat CWE-79
6.1
2017-04-12 CVE-2016-6348 Cross-site Scripting vulnerability in Redhat Resteasy
JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack.
network
low complexity
redhat CWE-79
6.1
2017-04-11 CVE-2016-5011 The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.
low complexity
kernel redhat ibm
4.6
2017-03-27 CVE-2017-5973 Infinite Loop vulnerability in multiple products
The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence.
local
low complexity
qemu debian redhat CWE-835
5.5