Vulnerabilities > Redhat > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-24 | CVE-2017-3464 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). | 4.3 |
| 2017-04-24 | CVE-2017-3456 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). | 4.9 |
| 2017-04-24 | CVE-2017-3453 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). | 6.5 |
| 2017-04-21 | CVE-2016-3702 | Information Exposure vulnerability in Redhat Cloudforms Management Engine 5.0 Padding oracle flaw in CloudForms Management Engine (aka CFME) 5 allows remote attackers to obtain sensitive cleartext information. | 5.3 |
| 2017-04-21 | CVE-2016-6519 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form. | 5.4 |
| 2017-04-20 | CVE-2016-6347 | Cross-site Scripting vulnerability in Redhat Resteasy Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2017-04-20 | CVE-2016-6338 | Improper Access Control vulnerability in Redhat Enterprise Virtualization 4.0 ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Manager (aka RHEV-M) for Servers and RHEV-M 4.0, allows physically proximate attackers to bypass a webadmin session timeout restriction via vectors related to UI selections, which trigger repeating queries. | 6.8 |
| 2017-04-19 | CVE-2016-5410 | Improper Authentication vulnerability in multiple products firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry, or (5) setEntries D-Bus API method. | 5.5 |
| 2017-04-14 | CVE-2016-7060 | Information Exposure vulnerability in Redhat Quickstart Cloud Installer 1.0 The web interface in Red Hat QuickStart Cloud Installer (QCI) 1.0 does not mask passwords fields, which allows physically proximate attackers to obtain sensitive password information by reading the display. | 4.6 |
| 2017-04-13 | CVE-2016-2104 | Cross-site Scripting vulnerability in Redhat Satellite 5.7 Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the label parameter to admin/BunchDetail.do; (2) the package_name, (3) search_subscribed_channels, or (4) channel_filter parameter to software/packages/NameOverview.do; or unspecified vectors related to (5) <input:hidden> or (6) <bean:message> tags. | 6.1 |