Search for packages
| purl | pkg:rpm/redhat/eap7-artemis-native@1.1.0-13.redhat_4.ep7?arch=el7 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2pnb-13et-y3hr
Aliases: CVE-2017-2582 GHSA-c77r-6f64-478q |
Information Exposure It was found that while parsing the SAML messages the `StaxParserUtil` class of keycloak replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request `ID` field to be the chosen system property which could be obtained in the `InResponseTo` field in the response. | There are no reported fixed by versions. |
|
VCID-4bbz-11ta-ybft
Aliases: CVE-2014-9970 GHSA-r5c2-rxh2-f5h2 |
jasypt before 1.9.2 allows a timing attack against the password hash comparison. | There are no reported fixed by versions. |
|
VCID-74dr-6hxt-tbgu
Aliases: CVE-2017-5645 GHSA-fxph-q3j8-mv87 |
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. | There are no reported fixed by versions. |
|
VCID-crf9-zn1q-vya8
Aliases: CVE-2015-6644 |
Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146. | There are no reported fixed by versions. |
|
VCID-pd7m-bhqf-kkge
Aliases: CVE-2017-7536 GHSA-xxgp-pcfc-3vgc |
In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue(). | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:38:25.254169+00:00 | RedHat Importer | Affected by | VCID-crf9-zn1q-vya8 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-6644.json | 38.0.0 |
| 2026-04-01T14:31:51.627535+00:00 | RedHat Importer | Affected by | VCID-4bbz-11ta-ybft | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9970.json | 38.0.0 |
| 2026-04-01T14:31:29.281066+00:00 | RedHat Importer | Affected by | VCID-74dr-6hxt-tbgu | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5645.json | 38.0.0 |
| 2026-04-01T14:28:13.447791+00:00 | RedHat Importer | Affected by | VCID-pd7m-bhqf-kkge | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7536.json | 38.0.0 |
| 2026-04-01T14:27:43.243156+00:00 | RedHat Importer | Affected by | VCID-2pnb-13et-y3hr | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2582.json | 38.0.0 |