Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:rpm/redhat/libcgroup@0.40.rc1-18?arch=el6_8
purl pkg:rpm/redhat/libcgroup@0.40.rc1-18?arch=el6_8
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 10.0
Vulnerabilities affecting this package (14)
Vulnerability Summary Fixed by
VCID-32uq-r1e7-3ub4
Aliases:
CVE-2015-7501
GHSA-fjq5-5j5f-mvxh
InvokerTransformer code execution during deserialization This package allows code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library. There are no reported fixed by versions.
VCID-3bxq-vmjj-kqfe
Aliases:
CVE-2014-3577
GHSA-cfh5-3ghh-wfjx
org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field. There are no reported fixed by versions.
VCID-3keu-g1gc-kyhf
Aliases:
CVE-2016-0791
GHSA-jmw7-ph6p-33cc
Information Exposure Jenkins does not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force approach. There are no reported fixed by versions.
VCID-4tt7-hwz7-nfhf
Aliases:
CVE-2016-0792
GHSA-45rg-g72w-r393
Jenkins allows Deserialization of Untrusted Data via an XML File Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando. There are no reported fixed by versions.
VCID-5tfj-bm2b-ffhm
Aliases:
CVE-2016-3727
GHSA-6cr3-cm5h-8q96
Jenkins Exposes Sensitive Information via API URL The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors. There are no reported fixed by versions.
VCID-891k-xz71-guc5
Aliases:
CVE-2016-0788
GHSA-j7q5-h445-f7pc
Jenkins allows Execution of Code by Opening a JRMP Listener The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener. There are no reported fixed by versions.
VCID-8y2p-df9x-a7cp
Aliases:
CVE-2016-3722
GHSA-3857-xm38-jmq2
Permissions, Privileges, and Access Controls Jenkins allows remote authenticated users with multiple accounts to cause a denial of service (unable to login) by editing the "full name". There are no reported fixed by versions.
VCID-b69p-t71y-hbhd
Aliases:
CVE-2016-3726
GHSA-rx4r-gxpc-h85x
Jenkins affected by Open Redirect Vulnerability Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to "scheme-relative" URLs. There are no reported fixed by versions.
VCID-jaty-3r2s-pqc2
Aliases:
CVE-2016-3721
GHSA-qf2h-h3xq-j93j
Jenkins allows Remote Users to Inject Build Parameters Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables. There are no reported fixed by versions.
VCID-kt3k-9uyt-13d1
Aliases:
CVE-2016-3724
GHSA-7vvj-qqvj-h8mc
Jenkins Exposes Sensitive Information from Job Configuration Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with extended read access to obtain sensitive password information by reading a job configuration. There are no reported fixed by versions.
VCID-p7v4-63fw-kqaj
Aliases:
CVE-2016-0790
GHSA-jgpr-qrw2-6gp3
Information Exposure Jenkins does not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach. There are no reported fixed by versions.
VCID-puux-2z74-3yea
Aliases:
CVE-2016-3723
GHSA-8572-5jrg-mx52
Information Exposure Jenkins allows remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified XML/JSON API endpoints. There are no reported fixed by versions.
VCID-y5vs-8bqz-sqf5
Aliases:
CVE-2016-0789
GHSA-8p3c-m625-wh83
Jenkins has CRLF Injection Vulnerability in the CLI CRLF injection vulnerability in the CLI command documentation in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. There are no reported fixed by versions.
VCID-yvec-gpmh-73hq
Aliases:
CVE-2016-3725
GHSA-59fm-6x3q-q3q5
Permissions, Privileges, and Access Controls Jenkins allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permission check. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:46:24.216759+00:00 RedHat Importer Affected by VCID-3bxq-vmjj-kqfe https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3577.json 38.0.0
2026-04-01T14:39:11.263728+00:00 RedHat Importer Affected by VCID-32uq-r1e7-3ub4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7501.json 38.0.0
2026-04-01T14:37:45.946126+00:00 RedHat Importer Affected by VCID-4tt7-hwz7-nfhf https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0792.json 38.0.0
2026-04-01T14:37:45.522905+00:00 RedHat Importer Affected by VCID-3keu-g1gc-kyhf https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0791.json 38.0.0
2026-04-01T14:37:45.104284+00:00 RedHat Importer Affected by VCID-p7v4-63fw-kqaj https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0790.json 38.0.0
2026-04-01T14:37:44.683999+00:00 RedHat Importer Affected by VCID-y5vs-8bqz-sqf5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0789.json 38.0.0
2026-04-01T14:37:44.265647+00:00 RedHat Importer Affected by VCID-891k-xz71-guc5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0788.json 38.0.0
2026-04-01T14:36:36.350400+00:00 RedHat Importer Affected by VCID-5tfj-bm2b-ffhm https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3727.json 38.0.0
2026-04-01T14:36:35.969021+00:00 RedHat Importer Affected by VCID-b69p-t71y-hbhd https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3726.json 38.0.0
2026-04-01T14:36:35.558405+00:00 RedHat Importer Affected by VCID-yvec-gpmh-73hq https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3725.json 38.0.0
2026-04-01T14:36:35.146767+00:00 RedHat Importer Affected by VCID-kt3k-9uyt-13d1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3724.json 38.0.0
2026-04-01T14:36:34.735901+00:00 RedHat Importer Affected by VCID-puux-2z74-3yea https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3723.json 38.0.0
2026-04-01T14:36:34.334778+00:00 RedHat Importer Affected by VCID-8y2p-df9x-a7cp https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3722.json 38.0.0
2026-04-01T14:36:33.918033+00:00 RedHat Importer Affected by VCID-jaty-3r2s-pqc2 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3721.json 38.0.0