Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-04-20 CVE-2015-8958 Out-of-bounds Read vulnerability in Imagemagick
coders/sun.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted SUN file.
network
low complexity
imagemagick CWE-125
6.5
2017-04-20 CVE-2015-8957 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Imagemagick
Buffer overflow in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (application crash) via a crafted SUN file.
network
low complexity
imagemagick CWE-119
6.5
2017-04-20 CVE-2017-7718 Out-of-bounds Read vulnerability in multiple products
hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions.
local
low complexity
qemu debian CWE-125
5.5
2017-04-20 CVE-2016-6347 Cross-site Scripting vulnerability in Redhat Resteasy
Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
redhat CWE-79
6.1
2017-04-20 CVE-2016-6341 Information Exposure vulnerability in Ovirt
oVirt Engine before 4.0.3 does not include DWH_DB_PASSWORD in the list of keys to hide in log files, which allows local users to obtain sensitive password information by reading engine log files.
local
low complexity
ovirt CWE-200
5.5
2017-04-20 CVE-2016-6338 Improper Access Control vulnerability in Redhat Enterprise Virtualization 4.0
ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Manager (aka RHEV-M) for Servers and RHEV-M 4.0, allows physically proximate attackers to bypass a webadmin session timeout restriction via vectors related to UI selections, which trigger repeating queries.
low complexity
redhat CWE-284
6.8
2017-04-20 CVE-2016-6336 Improper Access Control vulnerability in Mediawiki
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restrictions and remove the revision deletion status of arbitrary file revisions by using Special:Undelete.
network
low complexity
mediawiki CWE-284
6.5
2017-04-20 CVE-2016-6334 Cross-site Scripting vulnerability in Mediawiki
Cross-site scripting (XSS) vulnerability in the Parser::replaceInternalLinks2 method in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving replacement of percent encoding in unclosed internal links.
network
low complexity
mediawiki CWE-79
6.1
2017-04-20 CVE-2016-6333 Cross-site Scripting vulnerability in Mediawiki
Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via the edit box in Special:MyPage/common.css.
network
low complexity
mediawiki CWE-79
6.1
2017-04-20 CVE-2016-5761 Cross-site Scripting vulnerability in Novell Groupwise
Cross-site scripting (XSS) vulnerability in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allows remote attackers to inject arbitrary web script or HTML via a crafted email.
network
low complexity
novell CWE-79
6.1