Shodan
Vulnerabilities
Vulnerable Software
Redhat:  Security Vulnerabilities
CVE-2011-2919
Cross-site scripting (XSS) vulnerability in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to inject arbitrary web script or HTML via the QueryString to the SystemGroupList.do page.
CVSS Score
4.3
EPSS Score
0.003
Published
2014-02-05
CVE-2011-2920
Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allow remote attackers to inject arbitrary web script or HTML via the "Filter by Synopsis" field and other unspecified filter forms.
CVSS Score
4.3
EPSS Score
0.003
Published
2014-02-05
CVE-2011-2927
Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allow remote attackers to inject arbitrary web script or HTML via vectors related to Search forms.
CVSS Score
4.3
EPSS Score
0.003
Published
2014-02-05
CVE-2011-1594
Open redirect vulnerability in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url_bounce parameter.
CVSS Score
5.8
EPSS Score
0.003
Published
2014-02-05
CVE-2014-0497
Known exploited
Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.
CVSS Score
9.8
EPSS Score
0.93
Published
2014-02-05
CVE-2012-3427
EC2 Amazon Machine Image (AMI) in JBoss Enterprise Application Platform (EAP) 5.1.2 uses 755 permissions for /var/cache/jboss-ec2-eap/, which allows local users to read sensitive information such as Amazon Web Services (AWS) credentials by reading files in the directory.
CVSS Score
2.1
EPSS Score
0.001
Published
2014-02-02
CVE-2013-6491
The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network.
CVSS Score
4.3
EPSS Score
0.004
Published
2014-02-02
CVE-2014-0001
Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.
CVSS Score
7.5
EPSS Score
0.207
Published
2014-01-31
CVE-2013-5364
Secunia CSI Agent 6.0.0.15017 and earlier, 6.0.1.1007 and earlier, and 7.0.0.21 and earlier, when running on Red Hat Linux, uses world-readable and world-writable permissions for /etc/csia_config.xml, which allows local users to change CSI Agent configuration by modifying this file.
CVSS Score
3.6
EPSS Score
0.001
Published
2014-01-26
CVE-2013-6434
The remote-viewer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.3, when using a native SPICE client invocation method, initially makes insecure connections to the SPICE server, which allows man-in-the-middle attackers to spoof the SPICE server.
CVSS Score
4.3
EPSS Score
0.003
Published
2014-01-24


Products
Pricing
Contact Us

Shodan ® - All rights reserved