Search for packages
| purl | pkg:rpm/redhat/eap7-hal-console@3.0.20-1.Final_redhat_00001.1?arch=el6eap |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3mgs-vrus-q3ag
Aliases: CVE-2019-20445 GHSA-p2v9-g2qv-p635 |
HTTP Request Smuggling in Netty HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header. | There are no reported fixed by versions. |
|
VCID-6r6v-dxqb-3fe1
Aliases: CVE-2019-0210 GHSA-jq7p-26h5-w78r |
Out-of-bounds read in Apache Thrift In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data. | There are no reported fixed by versions. |
|
VCID-6zc1-mdqf-nqbd
Aliases: CVE-2019-14887 |
wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use | There are no reported fixed by versions. |
|
VCID-bhq3-j6aj-1yae
Aliases: CVE-2019-10086 GHSA-6phf-73q6-gh87 |
Insecure Deserialization in Apache Commons Beanutils In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean. | There are no reported fixed by versions. |
|
VCID-degg-m3tz-9ubj
Aliases: CVE-2019-12400 GHSA-4q98-wr72-h35w |
Improper input validation in Apache Santuario XML Security for Java In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this implementation might be cached and re-used by Apache Santuario - XML Security for Java, leading to potential security flaws when validating signed documents, etc. The vulnerability affects Apache Santuario - XML Security for Java 2.0.x releases from 2.0.3 and all 2.1.x releases before 2.1.4. | There are no reported fixed by versions. |
|
VCID-m9t3-3sxz-8faz
Aliases: CVE-2019-20444 GHSA-cqqj-4p63-rrmm |
HTTP Request Smuggling in Netty HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold." | There are no reported fixed by versions. |
|
VCID-r7tw-km29-4bdp
Aliases: CVE-2020-7238 GHSA-ff2w-cq2g-wv5f |
HTTP Request Smuggling in Netty Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869. | There are no reported fixed by versions. |
|
VCID-y1ca-jr94-kfb4
Aliases: CVE-2019-0205 GHSA-rj7p-rfgp-852x |
Multiple vulnerabilities have been found in Apache Thrift, the worst of which could result in a Denial of Service condition. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||