Vulnerabilities
Vulnerable Software
Redhat: Security Vulnerabilities
Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issue lies in using strdup in ext/json/ext/generator/generator.c, which stops after encountering a '\0' byte, returning a pointer to a string of length zero, which is not the length stored in space_len.
CVSS Score: 9.8 | EPSS Score: 0.012 | Published: 2017-08-31
Directory traversal vulnerability in the XMLRPC interface in Red Hat Satellite 5.
CVSS Score: 6.5 | EPSS Score: 0.007 | Published: 2017-08-28
Cross-site scripting (XSS) vulnerability in Red Hat Satellite 6.0.3.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2017-08-28
Red Hat Satellite 6 allows local users to access mongod and delete pulp_database.
CVSS Score: 6.1 | EPSS Score: 0.0 | Published: 2017-08-28
Red Hat Enterprise Virtualization Manager 3.6 and earlier gives valid SLAAC IPv6 addresses to interfaces when "boot protocol" is set to None, which might allow remote attackers to communicate with a system designated to be unreachable.
CVSS Score: 5.9 | EPSS Score: 0.003 | Published: 2017-08-24
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups.
CVSS Score: 8.8 | EPSS Score: 0.938 | Published: 2017-08-23
oVirt Engine discloses the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in the /var/log/ovirt-engine/engine.log file in RHEV before 4.0.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2017-08-22
GET requests in JBoss Enterprise Application Platform (EAP) 7 disclose internal IP addresses to remote attackers.
CVSS Score: 5.3 | EPSS Score: 0.007 | Published: 2017-08-22
Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of service (application crash) or the possibility of execution of arbitrary code.
CVSS Score: 8.8 | EPSS Score: 0.016 | Published: 2017-08-22
Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.
CVSS Score: 7.0 | EPSS Score: 0.276 | Published: 2017-08-19
Shodan ® - All rights reserved