Search for packages
| purl | pkg:rpm/redhat/apache-mime4j@0.6-4_redhat_1.ep6.el6?arch=1 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1yu9-avtx-cybv
Aliases: CVE-2015-1844 |
foreman: API not scoping resources to taxonomies | There are no reported fixed by versions. |
|
VCID-67r2-k4bt-yqcr
Aliases: CVE-2012-5561 |
Katello: /etc/katello/secure/passphrase is world readable | There are no reported fixed by versions. |
|
VCID-7f1h-1fw8-k7c4
Aliases: CVE-2015-3155 |
foreman: the _session_id cookie is issued without the Secure flag | There are no reported fixed by versions. |
|
VCID-8wen-twwa-8khm
Aliases: CVE-2014-3653 |
foreman: cross-site scripting (XSS) flaw in template preview screen | There are no reported fixed by versions. |
|
VCID-91xe-ev7t-akb9
Aliases: CVE-2012-6109 GHSA-h77x-m5q8-c29h OSV-89317 |
Uncontrolled Resource Consumption lib/rack/multipart.rb in Rack uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposion header. | There are no reported fixed by versions. |
|
VCID-9uh8-upzm-7bgd
Aliases: CVE-2013-0184 GHSA-v882-ccj6-jc48 OSV-89327 |
Uncontrolled Resource Consumption Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack allows remote attackers to cause a denial of service via unknown vectors related to "symbolized arbitrary strings." | There are no reported fixed by versions. |
|
VCID-rc65-py17-kuhm
Aliases: CVE-2015-1816 |
foreman: lack of SSL certificate validation when performing LDAPS authentication | There are no reported fixed by versions. |
|
VCID-sqjb-qpyd-p7gn
Aliases: CVE-2015-3235 |
foreman: edit_users permission allows changing of admin passwords | There are no reported fixed by versions. |
|
VCID-tbug-mv5x-uucb
Aliases: CVE-2013-4346 GHSA-4433-4cxq-vv73 PYSEC-2014-85 |
The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL. | There are no reported fixed by versions. |
|
VCID-teq8-nqhf-xbbq
Aliases: CVE-2013-0183 GHSA-3pxh-h8hw-mj8w OSV-89320 |
Improper Restriction of Operations within the Bounds of a Memory Buffer multipart/parser.rb in Rack allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet. | There are no reported fixed by versions. |
|
VCID-utxw-251d-gfff
Aliases: CVE-2014-3590 |
rhn_satellite_6: cross-site request forgery (CSRF) can force logout | There are no reported fixed by versions. |
|
VCID-vspr-h3ds-dudq
Aliases: CVE-2013-0162 GHSA-8mvw-22r7-w6fq OSV-90561 |
Incorrect temporary file usage The ruby_parser Gem does not create temporary files securely. In the `diff_pp` function contained in `lib/gauntlet_rubyparser.rb` function, it creates files as `/tmp/a.[pid]` and `/tmp/b.[pid]` which can be predicted and used for either a denial of service (file cannot be overwritten), or to change the contents of files that are writable. | There are no reported fixed by versions. |
|
VCID-y93x-twrw-bfbf
Aliases: CVE-2012-5603 |
Katello: lack of authorization in proxies_controller.rb | There are no reported fixed by versions. |
|
VCID-zkgb-14kz-33dz
Aliases: CVE-2013-4347 GHSA-rv8h-p43r-4x5r PYSEC-2014-86 |
The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||