Redhat Software Collections vulnerabilities

CVE-2019-2420 [MEDIUM] CVE-2019-2420: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Suppo Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can resul

CVE-2019-2535 [MEDIUM] CVE-2019-2535: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Support Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 8.0.13 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result i

CVE-2019-2536 [MEDIUM] CVE-2019-2536: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Suppo Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 8.0.13 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a

CVE-2019-2531 [MEDIUM] CVE-2019-2531: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Sup Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vul

CVE-2019-2436 [MEDIUM] CVE-2019-2436: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Sup Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized a

CVE-2019-2533 [MEDIUM] CVE-2019-2533: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privi Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unau

CVE-2019-2539 [MEDIUM] CVE-2019-2539: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection). Supp Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ab

CVE-2019-2434 [MEDIUM] CVE-2019-2434: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supporte Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in

CVE-2019-2530 [MEDIUM] CVE-2019-2530: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Suppo Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized abi

CVE-2017-12613 [HIGH] CWE-125 CVE-2017-12613: When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value i When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may rep

CVE-2015-7545 [CRITICAL] CWE-20 CVE-2015-7545: The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a (a) .gitmodules file or (b) unknown other sources in a submodule.

CVE-2016-0752 [HIGH] CWE-22 CVE-2016-0752: Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x b Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.

CVE-2016-0742 [HIGH] CWE-476 CVE-2016-0742: The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.