Redhat: Security Vulnerabilities

The external_request API call in App Studio (millicore) allows server-side request forgery (SSRF). An attacker could use this flaw to probe internal network resources and access restricted endpoints.
CVSS Score: 6.3 | EPSS Score: 0.002 | Published: 2017-09-29

It was found that the App Studio component of RHMAP 4.4 executes JavaScript provided by a user. An attacker could use this flaw to execute a stored XSS attack against an application administrator using App Studio.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2017-09-29

ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, which allows remote authenticated users and physically proximate attackers to execute arbitrary commands via a ; (semicolon) in an input string.
CVSS Score: 8.8 | EPSS Score: 0.008 | Published: 2017-09-26

selinux-policy as packaged in Red Hat OpenShift 2 allows attackers to obtain process listing information via a privilege escalation attack.
CVSS Score: 3.3 | EPSS Score: 0.0 | Published: 2017-09-26

The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2017-09-25

Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ.
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2017-09-25

Console: HttpOnly and Secure attributes not set on cookies in Red Hat AMQ.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2017-09-25

Console: CORS headers set to allow all in Red Hat AMQ.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2017-09-25

redhat-support-plugin-rhev in Red Hat Enterprise Virtualization Manager (aka RHEV Manager) before 3.6 allows remote authenticated users with the SuperUser role on any Entity to execute arbitrary commands on any host in the RHEV environment.
CVSS Score: 9.1 | EPSS Score: 0.009 | Published: 2017-09-25

A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Ocata, and 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.
CVSS Score: 6.4 | EPSS Score: 0.001 | Published: 2017-09-21

Shodan ® - All rights reserved