Vulnerabilities > Redhat > Software Collections > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-03-19 CVE-2019-10196 Improper Initialization vulnerability in multiple products
A flaw was found in http-proxy-agent, prior to version 2.1.0.
network
low complexity
http-proxy-agent-project fedoraproject redhat CWE-665
critical
 9.0
9.0
2020-02-07 CVE-2019-15605 HTTP Request Smuggling vulnerability in multiple products
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed
network
low complexity
nodejs debian fedoraproject opensuse redhat oracle CWE-444
critical
 9.8
9.8
2020-01-23 CVE-2019-17570 Deserialization of Untrusted Data vulnerability in multiple products
An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library.
network
low complexity
apache debian canonical fedoraproject redhat CWE-502
critical
 9.8
9.8
2019-05-03 CVE-2019-11036 Out-of-bounds Read vulnerability in multiple products
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function.
network
low complexity
php fedoraproject redhat canonical debian opensuse CWE-125
critical
 9.1
9.1