Shodan
Vulnerabilities
Vulnerable Software
Redhat:  Security Vulnerabilities
CVE-2014-8141
Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
CVSS Score
7.8
EPSS Score
0.098
Published
2020-01-31
CVE-2015-6815
The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.
CVSS Score
3.5
EPSS Score
0.019
Published
2020-01-31
CVE-2014-8139
Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
CVSS Score
7.8
EPSS Score
0.098
Published
2020-01-31
CVE-2014-8140
Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
CVSS Score
7.8
EPSS Score
0.098
Published
2020-01-31
CVE-2011-4088
ABRT might allow attackers to obtain sensitive information from crash reports.
CVSS Score
7.5
EPSS Score
0.007
Published
2020-01-31
CVE-2019-20444
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."
CVSS Score
9.1
EPSS Score
0.022
Published
2020-01-29
CVE-2019-20445
HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.
CVSS Score
9.1
EPSS Score
0.004
Published
2020-01-29
CVE-2013-2060
The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart.
CVSS Score
9.8
EPSS Score
0.22
Published
2020-01-28
CVE-2020-7238
Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869.
CVSS Score
7.5
EPSS Score
0.007
Published
2020-01-27
CVE-2015-0294
GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate.
CVSS Score
7.5
EPSS Score
0.006
Published
2020-01-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved