Vulnerabilities > Redhat > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-05-25 CVE-2014-3672 Resource Exhaustion vulnerability in multiple products
The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr.
local
low complexity
redhat xen CWE-400
6.5
2016-05-24 CVE-2016-0264 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors.
network
high complexity
suse ibm redhat CWE-119
5.6
2016-05-23 CVE-2016-4578 Information Exposure vulnerability in multiple products
sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.
local
low complexity
linux canonical debian redhat opensuse CWE-200
5.5
2016-05-20 CVE-2016-1839 Out-of-bounds Read vulnerability in multiple products
The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
5.5
2016-05-20 CVE-2016-1838 Out-of-bounds Read vulnerability in multiple products
The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
5.5
2016-05-20 CVE-2016-1837 Use After Free vulnerability in multiple products
Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a crafted XML document.
5.5
2016-05-20 CVE-2016-1836 Use After Free vulnerability in multiple products
Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document.
5.5
2016-05-20 CVE-2016-1833 Out-of-bounds Read vulnerability in multiple products
The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
5.5
2016-05-17 CVE-2016-3727 Information Exposure vulnerability in multiple products
The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.
network
low complexity
jenkins redhat CWE-200
4.3
2016-05-17 CVE-2016-3725 Permissions, Privileges, and Access Controls vulnerability in multiple products
Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check.
network
low complexity
jenkins redhat CWE-264
4.3