Redhat Software Collections vulnerabilities
113 known vulnerabilities affecting redhat/software_collections.
Total CVEs: 113
CISA KEV: 5 (actively exploited)
Public exploits: 5
Exploited in wild: 4
Severity breakdown: CRITICAL 10, HIGH 26, MEDIUM 74, LOW 3
Vulnerabilities
Page 5 of 6
CVE-2019-2686 | MEDIUM | CVSS 4.9 | v1.0 | 2019-04-23
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized abi
nvd
CVE-2019-2689 | MEDIUM | CVSS 4.9 | v1.0 | 2019-04-23
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized abi
nvd
CVE-2019-2630 | MEDIUM | CVSS 4.4 | v1.0 | 2019-04-23
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized
nvd
CVE-2019-2596 | MEDIUM | CVSS 4.9 | v1.0 | 2019-04-23
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized abi
nvd
CVE-2019-2636 | MEDIUM | CVSS 4.4 | v1.0 | 2019-04-23
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Group Replication Plugin). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via MySQL Protocol to compromise MySQL Server. Successful attacks of this vulnerability can result in una
nvd
CVE-2019-2683 | MEDIUM | CVSS 4.9 | v1.0 | 2019-04-23
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnera
nvd
CVE-2019-2584 | MEDIUM | CVSS 4.9 | v1.0 | 2019-04-23
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unaut
nvd
CVE-2019-2693 | MEDIUM | CVSS 6.5 | v1.0 | 2019-04-23
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized abil
nvd
CVE-2019-2585 | MEDIUM | CVSS 4.9 | v1.0 | 2019-04-23
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cau
nvd
CVE-2019-11035 | CRITICAL | CVSS 9.1 | CWE-125 | v1.0 | 2019-04-18
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash.
nvd
CVE-2019-11034 | CRITICAL | CVSS 9.1 | CWE-125 | v1.0 | 2019-04-18
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.
nvd
CVE-2019-0211 | HIGH | CVSS 7.8 | KEV | PoC | CWE-416 | v1.0 | 2019-04-08
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are
nvd
CVE-2019-10906 | HIGH | CVSS 8.6 | v1.0 | 2019-04-07
In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.
nvd
CVE-2019-5419 | HIGH | CVSS 7.5 | CWE-400 | v1.0 | 2019-03-27
There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive.
nvd
CVE-2019-5418 | HIGH | CVSS 7.5 | KEV | PoC | CWE-22 | v1.0 | 2019-03-27
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
nvd
CVE-2019-9639 | HIGH | CVSS 7.5 | CWE-908 | v1.0 | 2019-03-09
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.
nvd
CVE-2019-9640 | HIGH | CVSS 7.5 | CWE-125 | v1.0 | 2019-03-09
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn.
nvd
CVE-2019-9638 | HIGH | CVSS 7.5 | CWE-125 | v1.0 | 2019-03-09
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len.
nvd
CVE-2019-2534 | HIGH | CVSS 7.1 | v1.0 | 2019-01-16
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulner
nvd
CVE-2019-2532 | MEDIUM | CVSS 4.9 | v1.0 | 2019-01-16
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerabilit
nvd