Redhat: Security Vulnerabilities
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.
CVSS Score: 7.7
EPSS Score: 0.005
Published: 2019-12-13
A vulnerability was found in 3scale before version 2.6: it did not set the HTTPOnly attribute on the user session cookie. An attacker could use this to conduct cross-site scripting attacks and gain access to unauthorized information.
CVSS Score: 4.6
EPSS Score: 0.004
Published: 2019-12-12
Openshift has shell command injection flaws due to unsanitized data being passed into shell commands.
CVSS Score: 8.8
EPSS Score: 0.018
Published: 2019-12-11
katello-headpin is vulnerable to CSRF in REST API
CVSS Score: 6.5
EPSS Score: 0.002
Published: 2019-12-11
JBossWeb Bayeux has reflected XSS
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2019-12-11
node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware
CVSS Score: 6.1
EPSS Score: 0.011
Published: 2019-12-11
Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
CVSS Score: 6.5
EPSS Score: 0.042
Published: 2019-12-10
Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
CVSS Score: 4.3
EPSS Score: 0.003
Published: 2019-12-10
Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to disable extensions via a crafted HTML page.
CVSS Score: 4.3
EPSS Score: 0.019
Published: 2019-12-10
Incorrect security UI in printing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
CVSS Score: 4.3
EPSS Score: 0.019
Published: 2019-12-10

