Software Collections

DATE	CVE	VULNERABILITY TITLE	RISK
2021-04-01	CVE-2021-3393	Information Exposure Through an Error Message vulnerability in multiple products An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. network postgresql redhat CWE-209	3.5
2021-03-23	CVE-2021-20270	Infinite Loop vulnerability in multiple products An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword. network low complexity pygments redhat fedoraproject debian CWE-835	5.0
2021-03-19	CVE-2019-10196	Improper Initialization vulnerability in multiple products A flaw was found in http-proxy-agent, prior to version 2.1.0. network low complexity http-proxy-agent-project fedoraproject redhat CWE-665 critical	9.0
2021-02-23	CVE-2021-20229	Incorrect Authorization vulnerability in multiple products A flaw was found in PostgreSQL in versions before 13.2. network low complexity postgresql redhat fedoraproject CWE-863	4.0
2020-12-03	CVE-2020-27783	Cross-site Scripting vulnerability in multiple products A XSS vulnerability was discovered in python-lxml's clean module. network low complexity lxml redhat debian fedoraproject netapp oracle CWE-79	6.1
2020-08-07	CVE-2020-9490	HTTP Request Smuggling vulnerability in multiple products Apache HTTP Server versions 2.4.20 to 2.4.43. network low complexity apache oracle opensuse debian fedoraproject canonical redhat CWE-444	7.5
2020-03-17	CVE-2020-1720	Missing Authorization vulnerability in multiple products A flaw was found in PostgreSQL's "ALTER ... network low complexity postgresql redhat CWE-862	6.5
2020-02-20	CVE-2014-4650	Path Traversal vulnerability in multiple products The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator. network low complexity python redhat CWE-22	7.5
2020-02-07	CVE-2019-15605	HTTP Request Smuggling vulnerability in multiple products HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed network low complexity nodejs debian fedoraproject opensuse redhat oracle CWE-444 critical	9.8
2020-02-07	CVE-2019-15604	Improper Certificate Validation vulnerability in multiple products Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate network low complexity nodejs debian opensuse redhat oracle CWE-295	7.5