Software Collections Security Vulnerabilities and Issues — Software Collections CVE List

Lucene search

RedhatSoftware Collections

9 matches found

CVE•added 2021/09/16 3:15 p.m.•4434 views

CVE-2021-40438

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

9CVSS9.5AI score0.94432EPSS

CVE•added 2021/05/20 1:15 p.m.•1722 views

CVE-2021-3426

There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to acces...

5.7CVSS5.6AI score0.00101EPSS

CVE•added 2021/12/14 12:15 p.m.•1079 views

CVE-2021-4104

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remot...

7.5CVSS9.4AI score0.94358EPSS

CVE•added 2021/06/01 2:15 p.m.•671 views

CVE-2021-32027

A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vul...

8.8CVSS7.6AI score0.00491EPSS

CVE•added 2021/04/01 2:15 p.m.•416 views

CVE-2021-3393

An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An ...

4.3CVSS4.2AI score0.00091EPSS

CVE•added 2021/03/23 5:15 p.m.•289 views

CVE-2021-20270

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.

7.5CVSS7.3AI score0.00089EPSS

CVE•added 2021/10/04 6:15 p.m.•252 views

CVE-2021-32672

Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer)...

5.3CVSS6AI score0.00391EPSS

CVE•added 2021/02/23 6:15 p.m.•239 views

CVE-2021-20229

A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality.

4.3CVSS4.4AI score0.00071EPSS

CVE•added 2021/03/19 8:15 p.m.•161 views

CVE-2019-10196

A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an uninit...

9.8CVSS9.1AI score0.00364EPSS