Search for packages
| purl | pkg:rpm/redhat/jbossas-modules-eap@7.5.22-1.Final_redhat_1.1.ep6?arch=el7 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-g7n5-h7g7-uqbn
Aliases: CVE-2018-10934 |
wildfly-core: Cross-site scripting (XSS) in JBoss Management Console | There are no reported fixed by versions. |
|
VCID-m2zn-ja8d-7kg8
Aliases: CVE-2018-8034 GHSA-46j3-r4pj-4835 |
The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88. | There are no reported fixed by versions. |
|
VCID-nmya-eyxd-9ybe
Aliases: CVE-2018-1000632 GHSA-6pcc-3rfx-4gpm |
dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:23:34.746231+00:00 | RedHat Importer | Affected by | VCID-nmya-eyxd-9ybe | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000632.json | 38.0.0 |
| 2026-04-01T14:23:05.432936+00:00 | RedHat Importer | Affected by | VCID-m2zn-ja8d-7kg8 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8034.json | 38.0.0 |
| 2026-04-01T14:22:46.173242+00:00 | RedHat Importer | Affected by | VCID-g7n5-h7g7-uqbn | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10934.json | 38.0.0 |