Filtered by vendor Redhat
Subscriptions
Filtered by product Software Collections
Subscriptions
Total
136 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-32027 | 2 Postgresql, Redhat | 7 Postgresql, Ansible Automation Platform, Enterprise Linux and 4 more | 2024-08-03 | 8.8 High |
A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
CVE-2021-23214 | 3 Fedoraproject, Postgresql, Redhat | 7 Fedora, Postgresql, Enterprise Linux and 4 more | 2024-08-03 | 8.1 High |
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. | ||||
CVE-2021-20270 | 4 Debian, Fedoraproject, Pygments and 1 more | 9 Debian Linux, Fedora, Pygments and 6 more | 2024-08-03 | 7.5 High |
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword. | ||||
CVE-2021-20229 | 3 Fedoraproject, Postgresql, Redhat | 4 Fedora, Postgresql, Enterprise Linux and 1 more | 2024-08-03 | 4.3 Medium |
A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality. | ||||
CVE-2021-4189 | 4 Debian, Netapp, Python and 1 more | 6 Debian Linux, Ontap Select Deploy Administration Utility, Python and 3 more | 2024-08-03 | 5.3 Medium |
A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible. | ||||
CVE-2021-4104 | 4 Apache, Fedoraproject, Oracle and 1 more | 59 Log4j, Fedora, Advanced Supply Chain Planning and 56 more | 2024-08-03 | 7.5 High |
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. | ||||
CVE-2021-3677 | 3 Fedoraproject, Postgresql, Redhat | 9 Fedora, Postgresql, Enterprise Linux and 6 more | 2024-08-03 | 6.5 Medium |
A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include max_worker_processes=0, the known versions of this attack are infeasible. However, undiscovered variants of the attack may be independent of that setting. | ||||
CVE-2021-3656 | 3 Fedoraproject, Linux, Redhat | 31 Fedora, Linux Kernel, 3scale Api Management and 28 more | 2024-08-03 | 8.8 High |
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. | ||||
CVE-2021-3426 | 6 Debian, Fedoraproject, Netapp and 3 more | 11 Debian Linux, Fedora, Cloud Backup and 8 more | 2024-08-03 | 5.7 Medium |
There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7. | ||||
CVE-2021-3393 | 2 Postgresql, Redhat | 5 Postgresql, Enterprise Linux, Rhel Eus and 2 more | 2024-08-03 | 4.3 Medium |
An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information stored in a column they are allowed to write but not read. | ||||
CVE-2022-4900 | 2 Php, Redhat | 5 Php, Enterprise Linux, Linux and 2 more | 2024-08-03 | 6.2 Medium |
A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow. | ||||
CVE-2022-4904 | 3 C-ares Project, Fedoraproject, Redhat | 6 C-ares, Fedora, Enterprise Linux and 3 more | 2024-08-03 | 8.6 High |
A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity. | ||||
CVE-2022-0711 | 3 Debian, Haproxy, Redhat | 6 Debian Linux, Haproxy, Enterprise Linux and 3 more | 2024-08-02 | 7.5 High |
A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability. | ||||
CVE-2023-2455 | 3 Fedoraproject, Postgresql, Redhat | 9 Fedora, Postgresql, Enterprise Linux and 6 more | 2024-08-02 | 5.4 Medium |
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy. | ||||
CVE-2023-2454 | 3 Fedoraproject, Postgresql, Redhat | 9 Fedora, Postgresql, Enterprise Linux and 6 more | 2024-08-02 | 7.2 High |
schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code. | ||||
CVE-2023-0056 | 3 Fedoraproject, Haproxy, Redhat | 12 Extra Packages For Enterprise Linux, Fedora, Haproxy and 9 more | 2024-08-02 | 6.5 Medium |
An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability. |