Package details: pkg:rpm/redhat/eap7-apache-cxf@3.3.12-1.redhat_00001.1?arch=el7eap
purl pkg:rpm/redhat/eap7-apache-cxf@3.3.12-1.redhat_00001.1?arch=el7eap
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.0
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-2thz-p7bw-7bdk
Aliases:
CVE-2021-20289
GHSA-244r-fcj3-ghjq
Exposure of class information in RESTEasy A flaw was found in RESTEasy in all current versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality. There are no reported fixed by versions.
VCID-46y3-rx34-pyc6
Aliases:
CVE-2021-40690
GHSA-j8wc-gxx9-82hx
Exposure of Sensitive Information to an Unauthorized Actor All versions of Apache Santuario - XML Security for Java are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element. There are no reported fixed by versions.
VCID-4rxk-nhwr-ffad
Aliases:
CVE-2021-37714
GHSA-m72m-mhq2-9p6c
Uncaught Exception jsoup is a Java library for working with HTML. Those using jsoup to parse untrusted HTML or XML may be vulnerable to DoS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes. There are no reported fixed by versions.
VCID-7qwz-74p6-yqhs
Aliases:
CVE-2021-3642
GHSA-5499-qjvh-6j7w
Observable Discrepancy in Wildfly Elytron A flaw was found in Wildfly Elytron where ScramServer may be susceptible to a timing attack if enabled. The highest threat of this vulnerability is to confidentiality. This flaw affects Wildfly Elytron versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final. There are no reported fixed by versions.
VCID-q6t7-9mjk-7fdd
Aliases:
CVE-2021-3717
GHSA-p9xf-3rm3-qh2h
Wildfly-Core user account mismanagement A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability. This flaw affects wildfly-core versions prior to 17.0. There are no reported fixed by versions.
VCID-yn69-8upm-7yc2
Aliases:
CVE-2021-3629
GHSA-rf6q-vx79-mjxr
Undertow Uncontrolled Resource Consumption A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final and prior to 2.2.11.Final. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:03:00.177190+00:00 RedHat Importer Affected by VCID-2thz-p7bw-7bdk https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20289.json 38.0.0
2026-04-01T14:02:42.094177+00:00 RedHat Importer Affected by VCID-yn69-8upm-7yc2 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3629.json 38.0.0
2026-04-01T14:01:58.791098+00:00 RedHat Importer Affected by VCID-7qwz-74p6-yqhs https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3642.json 38.0.0
2026-04-01T14:01:35.728555+00:00 RedHat Importer Affected by VCID-4rxk-nhwr-ffad https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37714.json 38.0.0
2026-04-01T14:01:34.419970+00:00 RedHat Importer Affected by VCID-q6t7-9mjk-7fdd https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3717.json 38.0.0
2026-04-01T14:01:22.898727+00:00 RedHat Importer Affected by VCID-46y3-rx34-pyc6 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-40690.json 38.0.0