VulnerableCode Package Details - pkg:rpm/redhat/hiera@1.3.1-2?arch=el7sat

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:rpm/redhat/hiera@1.3.1-2?arch=el7sat

Essentials
History (31)

purl	pkg:rpm/redhat/hiera@1.3.1-2?arch=el7sat

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	4.2

Vulnerabilities affecting this package (31)

Vulnerability	Summary	Fixed by
VCID-18aq-72zg-3uc9 Aliases: CVE-2017-2295	puppet: Unsafe YAML deserialization	There are no reported fixed by versions.
VCID-1fgf-s31g-pfac Aliases: CVE-2014-8183	foreman: models with a 'belongs_to' association to an Organization do not verify association belongs to that Organization	There are no reported fixed by versions.
VCID-1mw1-384y-huc7 Aliases: CVE-2013-2099	Uncontrolled Resource Consumption Algorithmic complexity vulnerability in the `ssl.match_hostname` function and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate.	There are no reported fixed by versions.
VCID-3j8j-qks5-m3ew Aliases: CVE-2016-4451	foreman: privilege escalation through Organization and Locations API	There are no reported fixed by versions.
VCID-3ycr-9smk-uqdc Aliases: CVE-2015-3225 GHSA-rgr4-9jh5-j4j6	Potential Denial of Service Vulnerability Carefully crafted requests can cause a `SystemStackError` and potentially cause a denial of service attack.	There are no reported fixed by versions.
VCID-4d6e-mx3k-yqgk Aliases: CVE-2016-7078	foreman: Information leak through organizations and locations feature	There are no reported fixed by versions.
VCID-6bhb-kgf4-abe7 Aliases: CVE-2016-8613	foreman: Stored XSS vulnerability in remote execution plugin	There are no reported fixed by versions.
VCID-6hub-g2ja-afaw Aliases: CVE-2016-3693 GHSA-c92m-rrrc-q5wf	Information disclosure vulnerability safemode for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method.	There are no reported fixed by versions.
VCID-6jdw-pp1b-1qan Aliases: CVE-2016-9595	katello-debug: Possible symlink attacks due to use of predictable file names	There are no reported fixed by versions.
VCID-6xkf-evrx-pyau Aliases: CVE-2016-2166 GHSA-f5cf-f7px-xpmh	Exposure of Sensitive Information to an Unauthorized Actor The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors.	There are no reported fixed by versions.
VCID-77c9-jb1m-6qe2 Aliases: CVE-2015-0203	qpid-cpp: 3 qpidd DoS issues in AMQP 0-10 protocol handling	There are no reported fixed by versions.
VCID-7zj1-ye9x-cueu Aliases: CVE-2016-3696	pulp: Leakage of CA key in pulp-qpid-ssl-cfg	There are no reported fixed by versions.
VCID-8fnw-r4f3-xqcg Aliases: CVE-2017-2672	foreman: Image password leak	There are no reported fixed by versions.
VCID-9gb8-xvrc-aqgb Aliases: CVE-2015-0223	qpid-cpp: anonymous access to qpidd cannot be prevented	There are no reported fixed by versions.
VCID-asqu-5r9h-9yav Aliases: CVE-2018-14623 GHSA-jx5v-788g-qw58	SQL Injection An SQL injection was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This is issue is related to an incomplete fix for CVE-2016-3072.	There are no reported fixed by versions.
VCID-avsj-f1g8-yfen Aliases: CVE-2016-6319	foreman: Persistent XSS in Foreman remote execution plugin	There are no reported fixed by versions.
VCID-bvrv-wvt6-8yfy Aliases: CVE-2017-2667 GHSA-77h8-xr85-3x5q	Improper Certificate Validation Hammer CLI, a CLI utility for Foreman, does not explicitly set the `verify_ssl` flag for `apipie-bindings`. As a result the server certificates are not checked and connections are prone to man-in-the-middle attacks.	There are no reported fixed by versions.
VCID-cc8z-r1zy-23f2 Aliases: CVE-2016-4995	foreman: Information disclosure in provisioning template previews	There are no reported fixed by versions.
VCID-dfb9-31gj-57fs Aliases: CVE-2016-8634	foreman: Stored XSS in org/loc wizard	There are no reported fixed by versions.
VCID-dh5x-wb2a-1ufj Aliases: CVE-2013-6459 GHSA-8r6h-7x9g-xmw9 OSV-101138	XSS vulnerabiliy in generated pagination links The package will_paginate generate pagination links without escaping result. If user-controlled data is sent to will_paginate, there is a potential XSS vulnerability.	There are no reported fixed by versions.
VCID-dtva-ze8n-vycd Aliases: CVE-2016-4996	foreman: inside discovery-debug, the root password is displayed in plaintext	There are no reported fixed by versions.
VCID-e488-4fjn-z3g2 Aliases: CVE-2016-7077	foreman: Foreman information leak through unauthorized multiple_checkboxes helper	There are no reported fixed by versions.
VCID-egve-f1uw-nfff Aliases: CVE-2016-9593	foreman-debug: missing obfuscation of sensitive information	There are no reported fixed by versions.
VCID-fq2t-c2nv-23ce Aliases: CVE-2015-1609	A vulnerability in MongoDB can lead to a Denial of Service condition.	There are no reported fixed by versions.
VCID-jfqz-9a6e-jff7 Aliases: CVE-2016-2100	foreman: Unprivileged user can access private bookmarks of other users	There are no reported fixed by versions.
VCID-kra9-9yr7-nbg6 Aliases: CVE-2017-15699	Interconnect: Denial of Service vulnerability in Red Hat JBoss AMQ Interconnect	There are no reported fixed by versions.
VCID-p8ab-a4gk-eyd2 Aliases: CVE-2016-1669	Multiple vulnerabilities have been found in the Chromium web browser, the worst of which allows remote attackers to execute arbitrary code.	There are no reported fixed by versions.
VCID-ph9r-qphf-8fam Aliases: CVE-2016-3704	pulp: Unsafe use of bash $RANDOM for NSS DB password and seed	There are no reported fixed by versions.
VCID-sa68-rwqe-tfgp Aliases: CVE-2016-8639	foreman: Stored XSS via organization/location with HTML in name	There are no reported fixed by versions.
VCID-va8w-uzhc-x3bz Aliases: CVE-2013-6668	security update	There are no reported fixed by versions.
VCID-vhxh-tpay-mbh3 Aliases: CVE-2015-0224	qpid-cpp: AMQP 0-10 protocol sequence-set maximal range DoS (incomplete CVE-2015-0203 fix)	There are no reported fixed by versions.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:51:07.150273+00:00	RedHat Importer	Affected by	VCID-1mw1-384y-huc7	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2099.json	38.0.0
2026-04-01T14:49:11.326487+00:00	RedHat Importer	Affected by	VCID-dh5x-wb2a-1ufj	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6459.json	38.0.0
2026-04-01T14:48:47.701738+00:00	RedHat Importer	Affected by	VCID-va8w-uzhc-x3bz	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6668.json	38.0.0
2026-04-01T14:44:53.119269+00:00	RedHat Importer	Affected by	VCID-77c9-jb1m-6qe2	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0203.json	38.0.0
2026-04-01T14:44:32.433673+00:00	RedHat Importer	Affected by	VCID-9gb8-xvrc-aqgb	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0223.json	38.0.0
2026-04-01T14:44:26.626461+00:00	RedHat Importer	Affected by	VCID-vhxh-tpay-mbh3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0224.json	38.0.0
2026-04-01T14:43:25.647576+00:00	RedHat Importer	Affected by	VCID-jfqz-9a6e-jff7	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2100.json	38.0.0
2026-04-01T14:43:21.106813+00:00	RedHat Importer	Affected by	VCID-fq2t-c2nv-23ce	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1609.json	38.0.0
2026-04-01T14:40:37.414663+00:00	RedHat Importer	Affected by	VCID-3ycr-9smk-uqdc	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3225.json	38.0.0
2026-04-01T14:37:37.188215+00:00	RedHat Importer	Affected by	VCID-6xkf-evrx-pyau	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2166.json	38.0.0
2026-04-01T14:37:11.539464+00:00	RedHat Importer	Affected by	VCID-6hub-g2ja-afaw	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3693.json	38.0.0
2026-04-01T14:37:05.699727+00:00	RedHat Importer	Affected by	VCID-7zj1-ye9x-cueu	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3696.json	38.0.0
2026-04-01T14:37:01.340770+00:00	RedHat Importer	Affected by	VCID-ph9r-qphf-8fam	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3704.json	38.0.0
2026-04-01T14:36:37.265656+00:00	RedHat Importer	Affected by	VCID-p8ab-a4gk-eyd2	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1669.json	38.0.0
2026-04-01T14:36:33.204246+00:00	RedHat Importer	Affected by	VCID-sa68-rwqe-tfgp	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8639.json	38.0.0
2026-04-01T14:36:29.327556+00:00	RedHat Importer	Affected by	VCID-3j8j-qks5-m3ew	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4451.json	38.0.0
2026-04-01T14:36:14.731488+00:00	RedHat Importer	Affected by	VCID-dtva-ze8n-vycd	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4996.json	38.0.0
2026-04-01T14:36:13.846431+00:00	RedHat Importer	Affected by	VCID-cc8z-r1zy-23f2	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4995.json	38.0.0
2026-04-01T14:35:37.843595+00:00	RedHat Importer	Affected by	VCID-avsj-f1g8-yfen	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6319.json	38.0.0
2026-04-01T14:34:07.568839+00:00	RedHat Importer	Affected by	VCID-e488-4fjn-z3g2	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7077.json	38.0.0
2026-04-01T14:34:06.096829+00:00	RedHat Importer	Affected by	VCID-4d6e-mx3k-yqgk	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7078.json	38.0.0
2026-04-01T14:33:58.494659+00:00	RedHat Importer	Affected by	VCID-6bhb-kgf4-abe7	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8613.json	38.0.0
2026-04-01T14:33:36.993410+00:00	RedHat Importer	Affected by	VCID-dfb9-31gj-57fs	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8634.json	38.0.0
2026-04-01T14:32:51.422132+00:00	RedHat Importer	Affected by	VCID-egve-f1uw-nfff	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9593.json	38.0.0
2026-04-01T14:32:50.318618+00:00	RedHat Importer	Affected by	VCID-6jdw-pp1b-1qan	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9595.json	38.0.0
2026-04-01T14:31:33.222906+00:00	RedHat Importer	Affected by	VCID-bvrv-wvt6-8yfy	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2667.json	38.0.0
2026-04-01T14:31:21.356247+00:00	RedHat Importer	Affected by	VCID-8fnw-r4f3-xqcg	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2672.json	38.0.0
2026-04-01T14:30:59.062723+00:00	RedHat Importer	Affected by	VCID-18aq-72zg-3uc9	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2295.json	38.0.0
2026-04-01T14:29:10.584813+00:00	RedHat Importer	Affected by	VCID-1fgf-s31g-pfac	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8183.json	38.0.0
2026-04-01T14:26:10.817542+00:00	RedHat Importer	Affected by	VCID-kra9-9yr7-nbg6	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15699.json	38.0.0
2026-04-01T14:21:25.366506+00:00	RedHat Importer	Affected by	VCID-asqu-5r9h-9yav	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14623.json	38.0.0