VulnerableCode Package Details - pkg:rpm/redhat/hibernate4-validator@4.3.1-2.Final_redhat_1.1.ep6?arch=el6

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:rpm/redhat/hibernate4-validator@4.3.1-2.Final_redhat_1.1.ep6?arch=el6

Essentials
History (15)

purl	pkg:rpm/redhat/hibernate4-validator@4.3.1-2.Final_redhat_1.1.ep6?arch=el6

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	10.0

Vulnerabilities affecting this package (15)

Vulnerability	Summary	Fixed by
VCID-1yu9-avtx-cybv Aliases: CVE-2015-1844	foreman: API not scoping resources to taxonomies	There are no reported fixed by versions.
VCID-1zk6-7wv2-ukcz Aliases: CVE-2014-0118	A resource consumption flaw was found in mod_deflate. If request body decompression was configured (using the "DEFLATE" input filter), a remote attacker could cause the server to consume significant memory and/or CPU resources. The use of request body decompression is not a common configuration.	There are no reported fixed by versions.
VCID-2khv-6pu7-akga Aliases: CVE-2014-0193 GHSA-7vpq-g998-qpv7	WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x before 4.0.19 allows remote attackers to cause a denial of service (memory consumption) via a TextWebSocketFrame followed by a long stream of ContinuationWebSocketFrames.	There are no reported fixed by versions.
VCID-7f1h-1fw8-k7c4 Aliases: CVE-2015-3155	foreman: the _session_id cookie is issued without the Secure flag	There are no reported fixed by versions.
VCID-8wen-twwa-8khm Aliases: CVE-2014-3653	foreman: cross-site scripting (XSS) flaw in template preview screen	There are no reported fixed by versions.
VCID-a1by-zvtm-akdc Aliases: CVE-2014-0227 GHSA-42j3-498q-m6vp	java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.	There are no reported fixed by versions.
VCID-kpew-rarv-83dg Aliases: CVE-2014-0231	A flaw was found in mod_cgid. If a server using mod_cgid hosted CGI scripts which did not consume standard input, a remote attacker could cause child processes to hang indefinitely, leading to denial of service.	There are no reported fixed by versions.
VCID-p2wu-7yjs-bufa Aliases: CVE-2014-3464	WS: Incomplete fix for CVE-2013-2133	There are no reported fixed by versions.
VCID-rc65-py17-kuhm Aliases: CVE-2015-1816	foreman: lack of SSL certificate validation when performing LDAPS authentication	There are no reported fixed by versions.
VCID-sqjb-qpyd-p7gn Aliases: CVE-2015-3235	foreman: edit_users permission allows changing of admin passwords	There are no reported fixed by versions.
VCID-tbud-pwyt-aye9 Aliases: CVE-2014-0226	A race condition was found in mod_status. An attacker able to access a public server status page on a server using a threaded MPM could send a carefully crafted request which could lead to a heap buffer overflow. Note that it is not a default or recommended configuration to have a public accessible server status page.	There are no reported fixed by versions.
VCID-tbug-mv5x-uucb Aliases: CVE-2013-4346 GHSA-4433-4cxq-vv73 PYSEC-2014-85	The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL.	There are no reported fixed by versions.
VCID-utxw-251d-gfff Aliases: CVE-2014-3590	rhn_satellite_6: cross-site request forgery (CSRF) can force logout	There are no reported fixed by versions.
VCID-zkgb-14kz-33dz Aliases: CVE-2013-4347 GHSA-rv8h-p43r-4x5r PYSEC-2014-86	The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack.	There are no reported fixed by versions.
VCID-zn4s-5jp5-sbh8 Aliases: CVE-2014-3472	Security: Invalid EJB caller role check implementation	There are no reported fixed by versions.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:52:33.829121+00:00	RedHat Importer	Affected by	VCID-tbug-mv5x-uucb	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4346.json	38.0.0
2026-04-01T14:51:33.757164+00:00	RedHat Importer	Affected by	VCID-zkgb-14kz-33dz	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4347.json	38.0.0
2026-04-01T14:47:59.438056+00:00	RedHat Importer	Affected by	VCID-2khv-6pu7-akga	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0193.json	38.0.0
2026-04-01T14:47:08.798108+00:00	RedHat Importer	Affected by	VCID-tbud-pwyt-aye9	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0226.json	38.0.0
2026-04-01T14:47:01.170359+00:00	RedHat Importer	Affected by	VCID-1zk6-7wv2-ukcz	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0118.json	38.0.0
2026-04-01T14:46:54.192228+00:00	RedHat Importer	Affected by	VCID-kpew-rarv-83dg	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0231.json	38.0.0
2026-04-01T14:46:38.044068+00:00	RedHat Importer	Affected by	VCID-zn4s-5jp5-sbh8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3472.json	38.0.0
2026-04-01T14:46:33.485257+00:00	RedHat Importer	Affected by	VCID-p2wu-7yjs-bufa	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3464.json	38.0.0
2026-04-01T14:46:29.616891+00:00	RedHat Importer	Affected by	VCID-utxw-251d-gfff	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3590.json	38.0.0
2026-04-01T14:46:07.475669+00:00	RedHat Importer	Affected by	VCID-8wen-twwa-8khm	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3653.json	38.0.0
2026-04-01T14:44:08.699114+00:00	RedHat Importer	Affected by	VCID-a1by-zvtm-akdc	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0227.json	38.0.0
2026-04-01T14:43:12.041477+00:00	RedHat Importer	Affected by	VCID-rc65-py17-kuhm	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1816.json	38.0.0
2026-04-01T14:42:14.637176+00:00	RedHat Importer	Affected by	VCID-1yu9-avtx-cybv	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1844.json	38.0.0
2026-04-01T14:41:23.450076+00:00	RedHat Importer	Affected by	VCID-7f1h-1fw8-k7c4	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3155.json	38.0.0
2026-04-01T14:40:40.319773+00:00	RedHat Importer	Affected by	VCID-sqjb-qpyd-p7gn	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3235.json	38.0.0