Vulnerabilities > Redhat > Software Collections

DATE CVE VULNERABILITY TITLE RISK
2019-01-16 CVE-2019-2434 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser).
network
low complexity
oracle canonical netapp redhat
6.5
2019-01-16 CVE-2019-2420 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer).
network
low complexity
oracle canonical netapp redhat
4.9
2017-10-24 CVE-2017-12613 Out-of-bounds Read vulnerability in multiple products
When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input.
local
low complexity
apache debian redhat CWE-125
7.1
2016-04-13 CVE-2015-7545 Improper Access Control vulnerability in multiple products
The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a (a) .gitmodules file or (b) unknown other sources in a submodule.
network
low complexity
git-project canonical redhat opensuse CWE-284
critical
9.8
2016-02-16 CVE-2016-0752 Path Traversal vulnerability in multiple products
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a ..
network
low complexity
rubyonrails opensuse suse debian redhat CWE-22
7.5
2016-02-15 CVE-2016-0742 NULL Pointer Dereference vulnerability in multiple products
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.
network
low complexity
f5 canonical debian opensuse apple redhat CWE-476
7.5