Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Redhat Subscribe
Filtered by product Software Collections
Total 123 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-0711 3 Debian, Haproxy, Redhat 5 Debian Linux, Haproxy, Enterprise Linux and 2 more 2022-07-21 5.0 MEDIUM 7.5 HIGH
A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability.
CVE-2014-4650 2 Python, Redhat 3 Python, Enterprise Linux, Software Collections 2022-06-27 7.5 HIGH 9.8 CRITICAL
The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.
CVE-2017-12613 3 Apache, Debian, Redhat 11 Portable Runtime, Debian Linux, Enterprise Linux Desktop and 8 more 2022-04-18 3.6 LOW 7.1 HIGH
When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input.
CVE-2019-9640 6 Canonical, Debian, Netapp and 3 more 6 Ubuntu Linux, Debian Linux, Storage Automation Store and 3 more 2022-04-05 5.0 MEDIUM 7.5 HIGH
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn.
CVE-2019-9639 6 Canonical, Debian, Netapp and 3 more 6 Ubuntu Linux, Debian Linux, Storage Automation Store and 3 more 2022-04-05 5.0 MEDIUM 7.5 HIGH
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.
CVE-2019-9638 6 Canonical, Debian, Netapp and 3 more 6 Ubuntu Linux, Debian Linux, Storage Automation Store and 3 more 2022-04-05 5.0 MEDIUM 7.5 HIGH
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len.
CVE-2016-0742 6 Apple, Canonical, Debian and 3 more 6 Xcode, Ubuntu Linux, Debian Linux and 3 more 2021-12-15 5.0 MEDIUM 7.5 HIGH
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.
CVE-2021-20270 4 Debian, Fedoraproject, Pygments and 1 more 7 Debian Linux, Fedora, Pygments and 4 more 2021-12-10 5.0 MEDIUM 7.5 HIGH
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
CVE-2019-10192 5 Canonical, Debian, Oracle and 2 more 10 Ubuntu Linux, Debian Linux, Communications Operations Monitor and 7 more 2021-10-28 6.5 MEDIUM 7.2 HIGH
A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write up to 3 bytes beyond the end of a heap-allocated buffer.
CVE-2021-20229 3 Fedoraproject, Postgresql, Redhat 4 Fedora, Postgresql, Enterprise Linux and 1 more 2021-06-09 4.0 MEDIUM 4.3 MEDIUM
A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality.
CVE-2021-3393 2 Postgresql, Redhat 3 Postgresql, Enterprise Linux, Software Collections 2021-06-04 3.5 LOW 4.3 MEDIUM
An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information stored in a column they are allowed to write but not read.
CVE-2019-10196 3 Fedoraproject, Http-proxy-agent Project, Redhat 4 Fedora, Http-proxy-agent, Enterprise Linux and 1 more 2021-03-25 9.0 HIGH 9.8 CRITICAL
A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an uninitialized memory leak in setups where an attacker could submit typed input to the auth parameter.
CVE-2019-5419 5 Debian, Fedoraproject, Opensuse and 2 more 6 Debian Linux, Fedora, Leap and 3 more 2020-10-16 7.8 HIGH 7.5 HIGH
There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive.
CVE-2019-5418 5 Debian, Fedoraproject, Opensuse and 2 more 6 Debian Linux, Fedora, Leap and 3 more 2020-10-16 5.0 MEDIUM 7.5 HIGH
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
CVE-2019-11038 8 Canonical, Debian, Fedoraproject and 5 more 13 Ubuntu Linux, Debian Linux, Fedora and 10 more 2020-10-16 5.0 MEDIUM 5.3 MEDIUM
When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code.
CVE-2019-11039 4 Debian, Opensuse, Php and 1 more 4 Debian Linux, Leap, Php and 1 more 2020-10-16 6.4 MEDIUM 9.1 CRITICAL
Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash.
CVE-2019-11040 4 Debian, Opensuse, Php and 1 more 4 Debian Linux, Leap, Php and 1 more 2020-10-16 6.4 MEDIUM 9.1 CRITICAL
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
CVE-2020-1720 2 Postgresql, Redhat 4 Postgresql, Decision Manager, Enterprise Linux and 1 more 2020-10-15 3.5 LOW 6.5 MEDIUM
A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to perform drop objects such as function, triggers, et al., leading to database corruption. This issue affects PostgreSQL versions before 12.2, before 11.7, before 10.12 and before 9.6.17.
CVE-2019-11034 6 Canonical, Debian, Netapp and 3 more 6 Ubuntu Linux, Debian Linux, Storage Automation Store and 3 more 2020-10-02 6.4 MEDIUM 9.1 CRITICAL
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.
CVE-2019-11036 6 Canonical, Debian, Fedoraproject and 3 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2020-10-02 6.4 MEDIUM 9.1 CRITICAL
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.