Vulnerabilities > Redhat > Software Collections > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-12-10 CVE-2023-5868 A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments.
network
low complexity
postgresql redhat
4.3
2023-12-10 CVE-2023-5870 A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher.
network
high complexity
postgresql redhat
4.4
2023-11-02 CVE-2022-4900 Out-of-bounds Write vulnerability in multiple products
A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow.
local
low complexity
php redhat CWE-787
5.5
2023-06-09 CVE-2023-2455 Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles.
network
low complexity
postgresql redhat fedoraproject
5.4
2022-08-24 CVE-2021-4189 Unchecked Return Value vulnerability in multiple products
A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode.
network
low complexity
python debian redhat netapp CWE-252
5.3
2022-03-02 CVE-2021-3677 Information Exposure vulnerability in multiple products
A flaw was found in postgresql.
network
low complexity
postgresql redhat fedoraproject CWE-200
6.5
2021-10-04 CVE-2021-32672 Out-of-bounds Read vulnerability in multiple products
Redis is an open source, in-memory database that persists on disk.
4.3
2021-05-20 CVE-2021-3426 Path Traversal vulnerability in multiple products
There's a flaw in Python 3's pydoc.
5.7
2021-03-23 CVE-2021-20270 Infinite Loop vulnerability in multiple products
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
network
low complexity
pygments redhat fedoraproject debian CWE-835
5.0
2021-02-23 CVE-2021-20229 Incorrect Authorization vulnerability in multiple products
A flaw was found in PostgreSQL in versions before 13.2.
network
low complexity
postgresql redhat fedoraproject CWE-863
4.0