Search for packages
| purl | pkg:rpm/redhat/jbossas-modules-eap@7.5.21-1.Final_redhat_1.1.ep6?arch=el7 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2pnb-13et-y3hr
Aliases: CVE-2017-2582 GHSA-c77r-6f64-478q |
Information Exposure It was found that while parsing the SAML messages the `StaxParserUtil` class of keycloak replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request `ID` field to be the chosen system property which could be obtained in the `InResponseTo` field in the response. | There are no reported fixed by versions. |
|
VCID-aeeu-fpay-wufz
Aliases: CVE-2018-1336 GHSA-m59c-jpc8-m2x4 |
An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86. | There are no reported fixed by versions. |
|
VCID-kwyu-yq4w-kqe4
Aliases: CVE-2018-10237 GHSA-mvr2-9pj6-7w5j |
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable. | There are no reported fixed by versions. |
|
VCID-pd7m-bhqf-kkge
Aliases: CVE-2017-7536 GHSA-xxgp-pcfc-3vgc |
In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue(). | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:28:30.040362+00:00 | RedHat Importer | Affected by | VCID-pd7m-bhqf-kkge | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7536.json | 38.0.0 |
| 2026-04-01T14:28:04.411658+00:00 | RedHat Importer | Affected by | VCID-2pnb-13et-y3hr | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2582.json | 38.0.0 |
| 2026-04-01T14:25:14.436224+00:00 | RedHat Importer | Affected by | VCID-kwyu-yq4w-kqe4 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10237.json | 38.0.0 |
| 2026-04-01T14:23:13.751612+00:00 | RedHat Importer | Affected by | VCID-aeeu-fpay-wufz | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1336.json | 38.0.0 |