Vulnerabilities: Redhat, Medium risk

Each entry lists the publication date, CVE identifier, vulnerability title, description, attack vector, attack complexity, affected vendors with the CWE weakness class, and the risk score.

2016-09-07  CVE-2016-6345  Information Exposure vulnerability in Redhat Resteasy
    RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs.
    Attack vector: network | Attack complexity: low | Vendors: redhat | Weakness: CWE-200 | Risk score: 6.5

2016-09-07  CVE-2016-6344  Information Exposure vulnerability in Redhat Jboss BPM Suite 6.3
    Red Hat JBoss BPM Suite 6.3.x does not include the HTTPOnly flag in a Set-Cookie header for session cookies, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies.
    Attack vector: network | Attack complexity: low | Vendors: redhat | Weakness: CWE-200 | Risk score: 5.3

2016-08-05  CVE-2016-5392  Information Exposure vulnerability in Redhat Openshift 3.2
    The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi-tenant environment allows remote authenticated users with knowledge of other project names to obtain sensitive project and user information via vectors related to the watch-cache list.
    Attack vector: network | Attack complexity: low | Vendors: redhat | Weakness: CWE-200 | Risk score: 6.5

2016-08-05  CVE-2016-3097  Cross-site Scripting vulnerability in Redhat Satellite 5.7
    Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via a group name, related to viewing snapshot data.
    Attack vector: network | Attack complexity: low | Vendors: redhat | Weakness: CWE-79 | Risk score: 6.1

2016-08-05  CVE-2016-3080  Cross-site Scripting vulnerability in Redhat Satellite 5.7
    Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via the (1) RHNMD User or (2) Filesystem parameters, related to display of monitoring probes.
    Attack vector: network | Attack complexity: low | Vendors: redhat | Weakness: CWE-79 | Risk score: 6.1

2016-08-02  CVE-2016-5403  Resource Exhaustion vulnerability in multiple products
    The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.
    Attack vector: local | Attack complexity: low | Vendors: canonical, oracle, qemu, debian, redhat | Weakness: CWE-400 | Risk score: 5.5

2016-07-21  CVE-2016-5440  (no title given)
    Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.
    Attack vector: network | Attack complexity: low | Vendors: ibm, mariadb, oracle, debian, canonical, redhat | Weakness: not listed | Risk score: 4.9

2016-07-19  CVE-2016-2775  Improper Input Validation vulnerability in multiple products
    ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.
    Attack vector: network | Attack complexity: high | Vendors: hp, isc, fedoraproject, redhat | Weakness: CWE-20 | Risk score: 5.9

2016-07-12  CVE-2016-5009  Improper Input Validation vulnerability in Redhat products
    The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix.
    Attack vector: network | Attack complexity: low | Vendors: redhat | Weakness: CWE-20 | Risk score: 6.5

2016-07-12  CVE-2016-4428  Cross-site Scripting vulnerability in multiple products
    Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form.
    Attack vector: network | Attack complexity: low | Vendors: openstack, redhat, debian | Weakness: CWE-79 | Risk score: 5.4