Software Collections Security Vulnerabilities and Issues — Software Collections CVE List

Lucene search

RedhatSoftware Collections

8 matches found

CVE•added 2022/09/09 2:15 p.m.•719 views

CVE-2020-10735

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 ...

7.5CVSS7.5AI score0.00355EPSS

CVE•added 2022/08/24 4:15 p.m.•716 views

CVE-2021-4189

A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connec...

5.3CVSS6.2AI score0.0032EPSS

CVE•added 2022/03/04 4:15 p.m.•513 views

CVE-2021-23214

When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.

8.1CVSS8.3AI score0.00588EPSS

CVE•added 2022/01/01 6:15 a.m.•441 views

CVE-2021-41819

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.

7.5CVSS7.5AI score0.00566EPSS

CVE•added 2022/01/01 5:15 a.m.•397 views

CVE-2021-41817

Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.

7.5CVSS7.4AI score0.00422EPSS

CVE•added 2022/03/02 11:15 p.m.•355 views

CVE-2021-3677

A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include max_worker_process...

6.5CVSS6.4AI score0.00201EPSS

CVE•added 2022/03/04 7:15 p.m.•321 views

CVE-2021-3656

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malici...

8.8CVSS8.6AI score0.00057EPSS

CVE•added 2022/03/02 10:15 p.m.•254 views

CVE-2022-0711

A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability...

7.5CVSS7AI score0.65578EPSS