Product:

Software_collections

(Redhat)
Repositories https://github.com/apache/httpd
#Vulnerabilities 130
Date Id Summary Products Score Patch Annotated
2019-03-09 CVE-2019-9639 An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable. Ubuntu_linux, Debian_linux, Storage_automation_store, Leap, Php, Software_collections 7.5
2019-03-09 CVE-2019-9640 An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn. Ubuntu_linux, Debian_linux, Storage_automation_store, Leap, Php, Software_collections 7.5
2016-02-15 CVE-2016-0742 The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response. Xcode, Ubuntu_linux, Debian_linux, Nginx, Leap, Software_collections 7.5
2021-03-23 CVE-2021-20270 An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword. Debian_linux, Fedora, Pygments, Enterprise_linux, Openshift_container_platform, Openstack_platform, Software_collections 7.5
2019-07-11 CVE-2019-10192 A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write up to 3 bytes beyond the end of a heap-allocated buffer. Ubuntu_linux, Debian_linux, Communications_operations_monitor, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Openstack, Software_collections, Redis 7.2
2021-02-23 CVE-2021-20229 A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality. Fedora, Postgresql, Enterprise_linux, Software_collections 4.3
2021-04-01 CVE-2021-3393 An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information stored in a column they are allowed to write but not read. Postgresql, Enterprise_linux, Software_collections 4.3
2021-03-19 CVE-2019-10196 A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an uninitialized memory leak in setups where an attacker could submit typed input to the auth parameter. Fedora, Http\-Proxy\-Agent, Enterprise_linux, Software_collections 9.8
2019-06-19 CVE-2019-11040 When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. Debian_linux, Leap, Php, Software_collections 9.1
2019-06-19 CVE-2019-11039 Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash. Debian_linux, Leap, Php, Software_collections 9.1