Software collections
This hub aggregates every CVE we track for Software collections, a product in the devtools ci space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 137
- Critical: 11
- High: 38
- In CISA KEV: 5
Severity distribution
- MEDIUM: 83
- HIGH: 38
- CRITICAL: 11
- LOW: 5
Monthly trend
[Chart: monthly CVE counts, 2024-07 to 2026-06; all 24 values shown are 0]
Latest CVEs
The 15 most recently published vulnerabilities affecting Software collections.
- CVE-2023-5870: Postgresql: role pg_signal_backend can signal certain superuser processes. (score 2.2)
- CVE-2023-5868: Postgresql: memory disclosure in aggregate function calls (score 4.3)
- CVE-2023-5869: Postgresql: buffer overrun from integer overflow in array modification (score 8.8)
- CVE-2022-4900: Potential buffer overflow in php_cli_server_startup_workers (score 6.2)
- CVE-2023-39417: Postgresql: extension script @substitutions@ within quoting allow sql injection (score 7.5)
- CVE-2023-2454: schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbi... (score 7.2)
- CVE-2023-2455: Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is ... (score 5.4)
- CVE-2023-0056: An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malici... (score 6.5)
- CVE-2022-4904: A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause... (score 8.6)
- CVE-2020-10735: A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s f... (score 7.5)
- CVE-2021-4189: A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default... (score 5.3)
- CVE-2021-3656: A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a ... (score 8.8)
- CVE-2021-23214: When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connectio... (score 8.1)
- CVE-2022-0711: A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite l... (score 7.5)
- CVE-2021-3677: A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. Th... (score 6.5)
Product normalization is registry-driven with AI assist and human review.