Vulnerabilities > Redhat > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-04-21 CVE-2016-0641 Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect confidentiality and availability via vectors related to MyISAM.
local
low complexity
opensuse debian oracle ibm redhat mariadb
5.1
2016-04-21 CVE-2016-0640 Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect integrity and availability via vectors related to DML.
local
low complexity
oracle opensuse mariadb debian redhat ibm
6.1
2016-04-14 CVE-2015-5247 Improper Access Control vulnerability in multiple products
The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool.
network
low complexity
redhat canonical CWE-284
6.5
2016-04-14 CVE-2011-4600 Improper Access Control vulnerability in multiple products
The networkReloadIptablesRules function in network/bridge_driver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow remote attackers to bypass intended access restrictions via a (1) DNS or (2) DHCP query.
network
high complexity
canonical redhat CWE-284
5.9
2016-04-14 CVE-2016-3079 Cross-site Scripting vulnerability in Redhat Satellite and Spacewalk-Java
Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to systems/SystemEntitlements.do; (2) the label parameter to admin/multiorg/EntitlementDetails.do; or the name of a (3) snapshot tag or (4) system group in System Set Manager (SSM).
network
low complexity
redhat CWE-79
6.1
2016-04-14 CVE-2016-2103 Cross-site Scripting vulnerability in Redhat Satellite 5.7
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the list_1680466951_oldfilterval parameter to systems/PhysicalList.do or (2) unspecified vectors involving systems/VirtualSystemsList.do.
network
low complexity
redhat CWE-79
6.1
2016-04-14 CVE-2015-0284 Cross-site Scripting vulnerability in Redhat Satellite and Spacewalk-Java
Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details.
network
low complexity
redhat CWE-79
5.4
2016-04-13 CVE-2016-0739 Information Exposure vulnerability in multiple products
libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."
5.9
2016-04-13 CVE-2015-8553 Information Exposure vulnerability in multiple products
Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits.
local
low complexity
xen redhat CWE-200
6.5
2016-04-11 CVE-2015-7528 Information Exposure vulnerability in multiple products
Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name.
network
low complexity
kubernetes redhat CWE-200
5.3