Vulnerabilities > Redhat > Software Collections > 1.0

DATE	CVE	VULNERABILITY TITLE	RISK
2023-12-10	CVE-2023-5868	A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. network low complexity postgresql redhat	4.3
2023-12-10	CVE-2023-5869	Integer Overflow or Wraparound vulnerability in multiple products A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. network low complexity postgresql redhat CWE-190	8.8
2023-12-10	CVE-2023-5870	A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. network high complexity postgresql redhat	4.4
2022-03-04	CVE-2021-23214	When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. network high complexity postgresql fedoraproject redhat	8.1
2022-03-02	CVE-2021-3677	A flaw was found in postgresql. network low complexity postgresql redhat fedoraproject	6.5
2020-08-07	CVE-2020-9490	HTTP Request Smuggling vulnerability in multiple products Apache HTTP Server versions 2.4.20 to 2.4.43. network low complexity apache oracle opensuse debian fedoraproject canonical redhat CWE-444	7.5
2020-02-07	CVE-2019-15605	HTTP Request Smuggling vulnerability in multiple products HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed network low complexity nodejs debian fedoraproject opensuse redhat oracle CWE-444 critical	9.8
2020-02-07	CVE-2019-15604	Improper Certificate Validation vulnerability in multiple products Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate network low complexity nodejs debian opensuse redhat oracle CWE-295	7.5
2020-01-23	CVE-2019-17570	Deserialization of Untrusted Data vulnerability in multiple products An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. network low complexity apache debian canonical fedoraproject redhat CWE-502 critical	9.8
2019-10-28	CVE-2019-11043	Out-of-bounds Write vulnerability in multiple products In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution. network low complexity php canonical debian fedoraproject tenable redhat CWE-787 critical	9.8