Red Hat Software Collections
This hub aggregates every CVE we track for Red Hat Software Collections, a product in the operating systems space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 269
- Critical: 31
- High: 83
- In CISA KEV: 2

Severity distribution
- MEDIUM: 136
- HIGH: 83
- CRITICAL: 31
- LOW: 19
Monthly trend
[Chart: monthly trend, 2024-07 to 2026-06]
Latest CVEs
The 15 most recently published vulnerabilities affecting Red Hat Software Collections.
- CVE-2024-11236: Integer overflow in the firebird and dblib quoters causing OOB writes (score: 9.8)
- CVE-2023-39333: Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not... (score: 5.3)
- CVE-2024-21102: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vu... (score: 4.9)
- CVE-2024-21096: Vulnerability in the MySQL Server product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulne... (score: 4.9)
- CVE-2024-21087: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily expl... (score: 4.9)
- CVE-2024-21000: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploita... (score: 3.8)
- CVE-2024-20994: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to expl... (score: 5.3)
- CVE-2024-30156: Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Br... (score: 7.5)
- CVE-2024-1394: Golang-fips/openssl: memory leaks in code encrypting and decrypting rsa payloads (score: 7.5)
- CVE-2024-22195: Jinja vulnerable to Cross-Site Scripting (XSS) (score: 5.4)
- CVE-2023-5870: Postgresql: role pg_signal_backend can signal certain superuser processes. (score: 2.2)
- CVE-2023-5868: Postgresql: memory disclosure in aggregate function calls (score: 4.3)
- CVE-2023-5869: Postgresql: buffer overrun from integer overflow in array modification (score: 8.8)
- CVE-2023-30590: The generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet, but the func... (score: 7.5)
- CVE-2023-30581: The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using ... (score: 7.5)
Product normalization is registry-driven with AI assist and human review.