Lucene search
K
RedhatSoftware Collections-

24 matches found

cve
cve
added 2021/05/20 12:0 a.m.1885 views

CVE-2021-3426

CVE-2021-3426 corresponds to a vulnerability in Python’s pydoc where the getfile feature could be abused to read arbitrary files. The linked sources confirm the issue affects Python versions prior to specific releases (e.g., Python before 3.8.9, 3.9.3, and 3.10.0a7 per the CVE description) and no...

5.7CVSS5.6AI score0.01863EPSS
cve
cve
added 2021/12/14 12:0 a.m.1458 views

CVE-2021-4104

CVE-2021-4104 affects JMSAppender in Log4j 1.2 when it is explicitly configured to use JMSAppender. A deserialization of untrusted data can occur if an attacker can write Log4j configuration and supply TopicBindingName and TopicConnectionFactoryBindingName, causing JMSAppender to perform JNDI req...

7.5CVSS9.4AI score0.81147EPSS
In wildWeb
cve
cve
added 2023/06/09 12:0 a.m.1279 views

CVE-2023-2454

CVE-2023-2454 concerns PostgreSQL; a flaw in schema_element defeats protective search_path changes could allow an authenticated user with database-level privileges to run arbitrary code. This has been observed in multiple advisories (including Astra Linux and Amazon Linux 2 notes) and is linked t...

7.2CVSS7.5AI score0.0119EPSS
cve
cve
added 2023/03/23 12:0 a.m.971 views

CVE-2023-0056

CVE-2023-0056 affects HAProxy and is described in connected advisories as an uncontrolled resource consumption DoS that can crash the service, including a scenario where an authenticated remote attacker could trigger a crafted server in an OpenShift cluster. The issue is associated with HAProxy’s...

6.5CVSS6.3AI score0.01834EPSS
cve
cve
added 2022/09/09 12:0 a.m.844 views

CVE-2020-10735

CVE-2020-10735 affects Python’s integer parsing with non-binary bases, where int("text") on very long digit strings can cause a CPU DoS, impacting availability. The flaw is present in Python’s PyLong_FromString path and manifests in quadratic-time scenarios when parsing large decimal-like strings...

7.5CVSS7.5AI score0.03502EPSS
cve
cve
added 2022/08/24 12:0 a.m.811 views

CVE-2021-4189

CVE-2021-4189 affects Python’s FTP (ftplib) client: in PASV mode it trusts the host from the PASV response by default, enabling a malicious FTP server to trick clients into connecting back to an attacker-specified IP/port (potential port scanning). Debian LTS postings and other advisories explici...

5.3CVSS6.2AI score0.02602EPSS
cve
cve
added 2023/06/09 12:0 a.m.781 views

CVE-2023-2455

CVE-2023-2455 describes a vulnerability in PostgreSQL row-level security where policies can be misapplied when a query plan is reused across different roles (e.g., security definer, or a common user plan executed under multiple SET ROLEs). The issue arises when policy evaluation depends on the in...

5.4CVSS6.3AI score0.00694EPSS
cve
cve
added 2021/06/01 12:0 a.m.733 views

CVE-2021-32027

CVE-2021-32027 is documented across multiple connected advisories as a PostgreSQL flaw in which, on versions prior to 13.3, 12.7, 11.12, 10.17, and 9.6.22, authenticated database users could write arbitrary bytes into server memory while modifying certain SQL array values due to missing bounds ch...

8.8CVSS7.6AI score0.0199EPSS
cve
cve
added 2022/01/01 12:0 a.m.508 views

CVE-2021-41819

CVE-2021-41819 affects Ruby and the CGI::Cookie.parse function; Ruby up to 2.6.8 (and CGI gem up to 0.3.0) mishandle security prefixes in cookie names, enabling cookie-prefix spoofing. Public advisories confirm this and list affected Ruby versions across multiple distributions (AL2, AL2 Ruby3.0 e...

7.5CVSS7.5AI score0.02931EPSS
cve
cve
added 2021/04/01 1:46 p.m.494 views

CVE-2021-3393

CVE-2021-3393 affects PostgreSQL: information leakage where a user with UPDATE but not SELECT permission on a column could cause error messages to reveal values from that column. Versions affected are before 13.2, before 12.6, and before 11.11. Fixes are available by upgrading to PostgreSQL 13.2+...

4.3CVSS4.2AI score0.01187EPSS
cve
cve
added 2020/03/17 3:28 p.m.483 views

CVE-2020-1720

CVE-2020-1720 discusses a PostgreSQL flaw in ALTER ... DEPENDS ON EXTENSION where sub-commands did not perform authorization checks. An authenticated attacker could, in certain configurations, drop objects (functions, triggers, etc.) causing database corruption. Affected versions are PostgreSQL p...

6.5CVSS6.5AI score0.01183EPSS
cve
cve
added 2022/01/01 12:0 a.m.454 views

CVE-2021-41817

CVE-2021-41817 is a Ruby-related ReDoS in Date parsing. The vulnerability affects Ruby’s date parsing pathways (notably date parsing methods) up to versions around 3.2.0, enabling denial-of-service via crafted date strings. The fixed releases cited in the sources are 3.2.1, 3.1.2, 3.0.2, and 2.0....

7.5CVSS7.4AI score0.03222EPSS
cve
cve
added 2020/12/03 4:39 p.m.424 views

CVE-2020-27783

The CVE-2020-27783 issue is a XSS vulnerability in python-lxml's HTML Cleaner. The Cleaner’s parser did not sufficiently emulate browsers, causing mismatches between sanitization and the rendered page. This can allow a remote attacker to run arbitrary HTML/JS in a victim’s browser. Affected produ...

6.1CVSS6.4AI score0.03934EPSS
cve
cve
added 2023/03/06 12:0 a.m.404 views

CVE-2022-4904

CVE-2022-4904 affects the c-ares library. The issue stems from missing input validation in ares_set_sortlist, enabling an arbitrary-length stack overflow and potentially causing denial of service with limited impacts to confidentiality and integrity. Connected advisories indicate this vulnerabili...

8.6CVSS8.5AI score0.01232EPSS
cve
cve
added 2020/02/20 4:1 p.m.402 views

CVE-2014-4650

CVE-2014-4650 affects the CGIHTTPServer module in Python 2.7.5 and 3.3.4, where URL-encoded path separators (e.g., %2f) can allow remote attackers to read CGI script sources, traverse directories, or execute unintended code. Connected advisories document this vulnerability alongside related Pytho...

9.8CVSS7.5AI score0.247EPSS
cve
cve
added 2022/03/04 6:41 p.m.386 views

CVE-2021-3656

CVE-2021-3656 describes a flaw in the KVM hypervisor for AMD processors where the L1 guest can provide a VMCB with an improperly validated virt_ext field, allowing the L1 to disable VMLOAD/VMSAVE intercepts and VLS for the L2 guest. This enables the L2 guest to read/write portions of the host’s p...

8.8CVSS8.6AI score0.00658EPSS
cve
cve
added 2023/08/11 12:19 p.m.377 views

CVE-2023-39417

CVE-2023-39417 concerns a SQL injection in PostgreSQL extension scripting substitutions (@extowner@/@extschema@ inside quotes) that can, with administrator-installed vulnerable non-bundled extensions and database CREATE privilege, allow arbitrary code execution as the bootstrap superuser. Affecte...

8.8CVSS8.8AI score0.01572EPSS
cve
cve
added 2021/03/23 4:40 p.m.348 views

CVE-2021-20270

CVE-2021-20270 describes an infinite loop in Pygments’ SMLLexer, affecting Pygments 1.5–2.7.3, which can cause DoS during syntax highlighting of StandardML sources (e.g., input containing only the keyword “exception”). Connected advisories confirm affected distributions (e.g., Debian, AlmaLinux, ...

7.5CVSS7.3AI score0.02707EPSS
cve
cve
added 2021/10/04 5:40 p.m.307 views

CVE-2021-32672

Redis contains CVE-2021-32672, a vulnerability in the Redis Lua Debugger where the protocol parser can read data beyond the actual buffer when handling malformed requests. This affects Redis builds that include Lua debugging support (3.2+). The issue is mitigated by upgrading to patched releases:...

5.3CVSS6AI score0.01702EPSS
cve
cve
added 2022/03/02 9:59 p.m.302 views

CVE-2022-0711

HAProxy is affected by CVE-2022-0711 due to a flaw in processing HTTP responses with the Set-Cookie2 header, which can cause an infinite loop and a denial-of-service condition (availability impact). The vulnerability is observable across multiple advisories and vendor pages, including Debian secu...

7.5CVSS7AI score0.16563EPSS
cve
cve
added 2021/02/23 5:40 p.m.285 views

CVE-2021-20229

CVE-2021-20229 – Summary (based on provided sources): PostgreSQL versions before 13.2 are vulnerable to a confidentiality flaw where a user with SELECT privilege on a single column can craft a query that returns all columns in a table. The issue is discussed across multiple advisories (IBM Securi...

4.3CVSS4.4AI score0.01466EPSS
cve
cve
added 2023/11/02 3:1 p.m.264 views

CVE-2022-4900

CVE-2022-4900 is a PHP heap-buffer overflow caused by setting PHP_CLI_SERVER_WORKERS to a large value. From connected sources, IBM Storage Sentinel Anomaly Scan Engine 1.1 and Debian/IBM advisories confirm the issue affects PHP and can enable a local denial-of-service condition. Remediation in th...

6.2CVSS6.1AI score0.00367EPSS
cve
cve
added 2021/03/19 7:22 p.m.179 views

CVE-2019-10196

The CVE-2019-10196 entry affects the http-proxy-agent package before version 2.1.0. The root cause is that the auth option is passed to the Buffer constructor without proper sanitization, enabling a Denial of Service that can consume all CPU resources, and potential data exposure due to an uninit...

9.8CVSS9.1AI score0.01392EPSS
cve
cve
added 2019/11/05 9:16 p.m.103 views

CVE-2013-5123

The CVE-2013-5123 issue affects Python-pip prior to 1.5, where the mirroring support (-M/--use-mirrors) performs insecure DNS queries and lacks proper authenticity checks, enabling MITM-like download tampering. Connected advisories confirm this vulnerability and describe the fix as removing the m...

5.9CVSS5.4AI score0.07987EPSS
Web