Vulnerabilities > Redhat > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-04-12 CVE-2016-6348 Cross-site Scripting vulnerability in Redhat Resteasy
JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack.
network
low complexity
redhat CWE-79
6.1
6.1
2017-04-11 CVE-2016-5011 The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.
low complexity
kernel redhat ibm
4.6
4.6
2017-03-27 CVE-2017-5973 Infinite Loop vulnerability in multiple products
The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence.
local
low complexity
qemu debian redhat CWE-835
5.5
5.5
2017-03-15 CVE-2015-8896 Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file.
network
low complexity
imagemagick oracle redhat
6.5
6.5
2017-03-15 CVE-2016-7103 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. 		6.1
6.1
2017-02-16 CVE-2017-6011 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in icoutils 0.31.1.
local
low complexity
icoutils-project debian redhat CWE-125
5.5
5.5
2017-02-16 CVE-2017-6010 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An issue was discovered in icoutils 0.31.1.
local
low complexity
icoutils-project debian redhat CWE-119
5.5
5.5
2017-02-16 CVE-2017-6009 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An issue was discovered in icoutils 0.31.1.
local
low complexity
icoutils-project debian redhat CWE-119
5.5
5.5
2017-01-30 CVE-2016-2518 Out-of-bounds Read vulnerability in multiple products
The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.
network
low complexity
ntp debian netapp oracle redhat freebsd siemens CWE-125
5.3
5.3
2017-01-27 CVE-2017-3318 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling).
local
high complexity
oracle debian redhat mariadb
4.0
4.0