Vulnerabilities > Redhat > Software Collections

DATE CVE VULNERABILITY TITLE RISK
2021-05-20 CVE-2021-3426 Path Traversal vulnerability in multiple products
There's a flaw in Python 3's pydoc.
5.7
2021-04-01 CVE-2021-3393 An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11.
network
low complexity
postgresql redhat
4.3
2021-03-23 CVE-2021-20270 Infinite Loop vulnerability in multiple products
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
network
low complexity
pygments redhat fedoraproject debian CWE-835
7.5
2021-03-19 CVE-2019-10196 A flaw was found in http-proxy-agent, prior to version 2.1.0.
network
low complexity
http-proxy-agent-project fedoraproject redhat
critical
9.8
2021-02-23 CVE-2021-20229 A flaw was found in PostgreSQL in versions before 13.2.
network
low complexity
postgresql redhat fedoraproject
4.3
2020-12-03 CVE-2020-27783 A XSS vulnerability was discovered in python-lxml's clean module.
network
low complexity
lxml redhat debian fedoraproject netapp oracle
6.1
2020-08-07 CVE-2020-9490 HTTP Request Smuggling vulnerability in multiple products
Apache HTTP Server versions 2.4.20 to 2.4.43.
7.5
2020-03-17 CVE-2020-1720 Missing Authorization vulnerability in multiple products
A flaw was found in PostgreSQL's "ALTER ...
network
low complexity
postgresql redhat CWE-862
6.5
2020-02-20 CVE-2014-4650 Path Traversal vulnerability in multiple products
The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.
network
low complexity
python redhat CWE-22
critical
9.8
2020-02-07 CVE-2019-15605 HTTP Request Smuggling vulnerability in multiple products
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed
network
low complexity
nodejs debian fedoraproject opensuse redhat oracle CWE-444
critical
9.8