Search for packages
| purl | pkg:rpm/redhat/jboss-as-naming@7.5.21-1.Final_redhat_1.1.ep6?arch=el5 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-8vur-ca33-87h2
Aliases: CVE-2017-2582 GHSA-c77r-6f64-478q |
keycloak-core discloses system properties It was found that while parsing the SAML messages the StaxParserUtil class of keycloak before 2.5.1 replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID field to be the chosen system property which could be obtained in the "InResponseTo" field in the response. | There are no reported fixed by versions. |
|
VCID-g19h-dupm-8qef
Aliases: CVE-2017-7536 GHSA-xxgp-pcfc-3vgc |
Privilege Escalation in Hibernate Validator In Hibernate Validator 5.2.x before 5.2.5.Final, 5.3.x before 5.3.6.Final, and 5.4.x before 5.4.2.Final, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue(). | There are no reported fixed by versions. |
|
VCID-r645-by7x-bfdh
Aliases: CVE-2018-10237 GHSA-mvr2-9pj6-7w5j |
Denial of Service in Google Guava Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable. | There are no reported fixed by versions. |
|
VCID-zess-12ab-aqaf
Aliases: CVE-2018-1336 GHSA-m59c-jpc8-m2x4 |
In Apache Tomcat there is an improper handing of overflow in the UTF-8 decoder An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-05-29T09:44:54.589869+00:00 | RedHat Importer | Affected by | VCID-g19h-dupm-8qef | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7536.json | 38.6.0 |
| 2026-05-29T09:44:22.642298+00:00 | RedHat Importer | Affected by | VCID-8vur-ca33-87h2 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2582.json | 38.6.0 |
| 2026-05-29T09:39:54.696131+00:00 | RedHat Importer | Affected by | VCID-r645-by7x-bfdh | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10237.json | 38.6.0 |
| 2026-05-29T09:37:40.309527+00:00 | RedHat Importer | Affected by | VCID-zess-12ab-aqaf | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1336.json | 38.6.0 |