Red Hat Rhel Software Collections


By the Year

In 2025 there have been 0 vulnerabilities in Red Hat Rhel Software Collections. Last year, in 2024, Rhel Software Collections had 1 security vulnerability published. Right now, Rhel Software Collections is on track to have fewer security vulnerabilities in 2025 than it did last year.

Year Vulnerabilities Average Score
2025 0 0.00
2024 1 7.50
2023 7 5.66

It may take a day or so for new Rhel Software Collections vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Red Hat Rhel Software Collections Security Vulnerabilities

Memory Leak in Go RSA (golang-fips/openssl) Leads to Resource Exhaustion
CVE-2024-1394 7.5 - High - March 21, 2024

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them.

Memory Leak

PostgreSQL Array Integer Overflow Allows Authenticated Code Exec
CVE-2023-5869 8.8 - High - December 10, 2023

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.

Integer Overflow or Wraparound

PostgreSQL Mem Disclosure via Unknown-Type Aggregate Calls
CVE-2023-5868 4.3 - Medium - December 10, 2023

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.

Function Call With Incorrect Argument Type

PostgreSQL pg_cancel_backend Exploit Allowing DoS on Background Worker
CVE-2023-5870 2.2 - Low - December 10, 2023

A flaw was found in PostgreSQL involving the pg_cancel_backend role, which can signal background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote, highly privileged user to launch a denial of service (DoS) attack.

Resource Exhaustion

A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow.
CVE-2022-4900 6.2 - Medium - November 02, 2023

A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow.

Buffer Overflow

A vulnerability was found in MariaDB
CVE-2023-5157 7.5 - High - September 27, 2023

A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service.

Resource Exhaustion

A vulnerability was found in PostgreSQL with the use of the MERGE command
CVE-2023-39418 3.1 - Low - August 11, 2023

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.

Insufficient Granularity of Access Control

In the extension script, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:
CVE-2023-39417 7.5 - High - August 11, 2023

In the extension script, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.

SQL Injection
