Vulnerabilities > Redhat > Software Collections > High
DATE
CVE
VULNERABILITY TITLE
RISK
2023-12-10
CVE-2023-5869
Integer Overflow or Wraparound vulnerability in multiple products
A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification.
network
low complexity
postgresql
redhat
CWE-190
8.8
8.8
2023-08-11
CVE-2023-39417
SQL Injection vulnerability in multiple products
In the extension script, a SQL injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or "").
network
low complexity
postgresql
redhat
debian
CWE-89
8.8
8.8
2023-06-09
CVE-2023-2454
schema_element defeats protective search_path changes; it was found that certain database calls in PostgreSQL could permit an authenticated attacker with elevated database-level privileges to execute arbitrary code.
network
low complexity
postgresql
redhat
fedoraproject
7.2
7.2
2023-03-06
CVE-2022-4904
Improper Validation of Specified Quantity in Input vulnerability in multiple products
A flaw was found in the c-ares package.
network
low complexity
c-ares-project
redhat
fedoraproject
CWE-1284
8.6
8.6
2022-09-09
CVE-2020-10735
Incorrect Type Conversion or Cast vulnerability in multiple products
A flaw was found in python.
network
low complexity
python
redhat
fedoraproject
CWE-704
7.5
7.5
2022-03-04
CVE-2021-3656
Missing Authorization vulnerability in multiple products
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization.
local
low complexity
linux
fedoraproject
redhat
CWE-862
8.8
8.8
2022-03-04
CVE-2021-23214
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.
network
high complexity
postgresql
fedoraproject
redhat
8.1
8.1
2022-03-02
CVE-2022-0711
Infinite Loop vulnerability in multiple products
A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header.
network
low complexity
haproxy
redhat
debian
CWE-835
7.5
7.5
2022-01-01
CVE-2021-41819
Reliance on Cookies without Validation and Integrity Checking vulnerability in multiple products
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names.
network
low complexity
ruby-lang
redhat
debian
suse
opensuse
fedoraproject
CWE-565
7.5
7.5
2022-01-01
CVE-2021-41817
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string.
network
low complexity
ruby-lang
redhat
fedoraproject
debian
suse
opensuse
7.5
7.5