Vulnerabilities > Redhat > Software Collections

DATE CVE VULNERABILITY TITLE RISK
2022-08-24 CVE-2021-4189 Unchecked Return Value vulnerability in multiple products
A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode.
network
low complexity
python debian redhat netapp CWE-252
5.3
2022-03-04 CVE-2021-3656 Missing Authorization vulnerability in multiple products
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization.
local
low complexity
linux fedoraproject redhat CWE-862
8.8
2022-03-04 CVE-2021-23214 When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.
network
high complexity
postgresql fedoraproject redhat
8.1
2022-03-02 CVE-2021-3677 A flaw was found in postgresql.
network
low complexity
postgresql redhat fedoraproject
6.5
2022-03-02 CVE-2022-0711 Infinite Loop vulnerability in multiple products
A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header.
network
low complexity
haproxy redhat debian CWE-835
7.5
2022-01-01 CVE-2021-41819 Reliance on Cookies without Validation and Integrity Checking vulnerability in multiple products
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names.
7.5
2022-01-01 CVE-2021-41817 Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. 7.5
2021-12-14 CVE-2021-4104 Deserialization of Untrusted Data vulnerability in multiple products
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration.
network
high complexity
apache fedoraproject redhat oracle CWE-502
7.5
2021-10-04 CVE-2021-32672 Out-of-bounds Read vulnerability in multiple products
Redis is an open source, in-memory database that persists on disk.
4.3
2021-06-01 CVE-2021-32027 A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22.
network
low complexity
postgresql redhat
8.8