Redhat

Software Collections

137 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2019-15604

Exploit
  • EPSS 4.72%
  • Published 07.02.2020 15:15:11
  • Last modified 21.11.2024 04:29:06

Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate

9.8

CVE-2019-15605

  • EPSS 32.25%
  • Published 07.02.2020 15:15:11
  • Last modified 21.11.2024 04:29:06

HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed

9.8

CVE-2019-17570

Exploit
  • EPSS 70.52%
  • Published 23.01.2020 22:15:10
  • Last modified 21.11.2024 04:32:33

An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apa...

5.9

CVE-2013-5123

  • EPSS 12.86%
  • Published 05.11.2019 22:15:10
  • Last modified 21.11.2024 01:57:03

The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.

9.8

CVE-2019-11043

Warning Exploit
  • EPSS 94.11%
  • Published 28.10.2019 15:15:13
  • Last modified 14.02.2025 16:43:36

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the p...

7.5

CVE-2019-16056

  • EPSS 0.58%
  • Published 06.09.2019 18:15:15
  • Last modified 21.11.2024 04:29:57

An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and imple...

7.8

CVE-2019-9518

  • EPSS 3.67%
  • Published 13.08.2019 21:15:13
  • Last modified 14.01.2025 19:29:55

Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONT...

7.8

CVE-2019-9511

  • EPSS 13.95%
  • Published 13.08.2019 21:15:12
  • Last modified 14.01.2025 19:29:55

Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. T...

7.8

CVE-2019-9513

  • EPSS 4.36%
  • Published 13.08.2019 21:15:12
  • Last modified 14.01.2025 19:29:55

Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the...

7.8

CVE-2019-9514

  • EPSS 9.48%
  • Published 13.08.2019 21:15:12
  • Last modified 14.01.2025 19:29:55

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the p...