VulnerableCode Package Details - pkg:rpm/redhat/openmotif21@2.1.30-9.RHEL3?arch=8

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:rpm/redhat/openmotif21@2.1.30-9.RHEL3?arch=8

Essentials
History (37)

purl	pkg:rpm/redhat/openmotif21@2.1.30-9.RHEL3?arch=8

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	10.0

Vulnerabilities affecting this package (37)

Vulnerability	Summary	Fixed by
VCID-18j8-kwdv-dyak Aliases: CVE-2005-3510 GHSA-8f4w-jwqv-5cxc	Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.	There are no reported fixed by versions.
VCID-27q8-96un-9fbk Aliases: CVE-2007-1355 GHSA-4c6x-gfc8-c26r	Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.	There are no reported fixed by versions.
VCID-2jnv-segx-zkfd Aliases: CVE-2006-3835 GHSA-wfj7-mhr5-pcwq	Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.	There are no reported fixed by versions.
VCID-3fbs-tg62-affp Aliases: CVE-2007-2789	BEA JRockit contains several vulnerabilities, some of which may allow the execution of arbitrary code.	There are no reported fixed by versions.
VCID-3wbg-bxvj-1kca Aliases: CVE-2004-0885	An issue has been discovered in the mod_ssl module when configured to use the "SSLCipherSuite" directive in directory or location context. If a particular location context has been configured to require a specific set of cipher suites, then a client will be able to access that location using any cipher suite allowed by the virtual host configuration.	There are no reported fixed by versions.
VCID-4vg2-5kjx-7fge Aliases: CVE-2005-3964	Two buffer overflows have been discovered in libUil, part of the OpenMotif toolkit, that can potentially lead to the execution of arbitrary code.	There are no reported fixed by versions.
VCID-526j-yt52-53ag Aliases: CVE-2005-0605	libxpm buffer overflow	There are no reported fixed by versions.
VCID-6d1j-1n1r-7khr Aliases: CVE-2006-0254 GHSA-2jxh-3cx8-xw65	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.	There are no reported fixed by versions.
VCID-6epr-2hbd-skcz Aliases: CVE-2005-2090 GHSA-f2gq-p6qv-ccw4	Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."	There are no reported fixed by versions.
VCID-6p3e-4u8s-17ep Aliases: CVE-2007-3385 GHSA-6j8f-66vh-39mj	Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.	There are no reported fixed by versions.
VCID-7969-7a8h-zyhh Aliases: CVE-2007-3382 GHSA-qff8-g48j-pwpw	Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.	There are no reported fixed by versions.
VCID-87p8-zvvf-y7dm Aliases: CVE-2007-0450 GHSA-4prh-gqw8-rgh5	Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.	There are no reported fixed by versions.
VCID-88v7-kc2y-bfd7 Aliases: CVE-2007-5461 GHSA-v5p2-vg3c-pmrr	Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.	There are no reported fixed by versions.
VCID-9p71-wr2h-4qdp Aliases: CVE-2007-1860	A directory traversal vulnerability has been discovered in Apache mod_jk.	There are no reported fixed by versions.
VCID-9zzc-scyf-ckdb Aliases: CVE-2007-1349	The mod_perl Apache module is vulnerable to a Denial of Service when processing regular expressions.	There are no reported fixed by versions.
VCID-bhq7-d545-27bj Aliases: CVE-2006-7196 GHSA-pm78-wxxf-fw98	Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.	There are no reported fixed by versions.
VCID-dqkp-f1my-dbg9 Aliases: CVE-2007-5000	A flaw was found in the mod_imagemap module. On sites where mod_imagemap is enabled and an imagemap file is publicly available, a cross-site scripting attack is possible.	There are no reported fixed by versions.
VCID-e847-axx8-guct Aliases: CVE-2004-0914	openmotif21 stack overflows in libxpm	There are no reported fixed by versions.
VCID-j3mb-97k1-uuh9 Aliases: CVE-2006-5752	A flaw was found in the mod_status module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. Note that the server-status page is not enabled by default and it is best practice to not make this publicly available.	There are no reported fixed by versions.
VCID-jt5d-3ema-nkdh Aliases: CVE-2006-7197 GHSA-jpqr-vh55-xqxf	Apache Tomcat Buffer Over-Read The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the `ajp_process_callback` in mod_jk, which allows remote attackers to read portions of sensitive memory.	There are no reported fixed by versions.
VCID-jvhf-ecm7-fbb8 Aliases: CVE-2007-4465	Multiple vulnerabilities have been discovered in Apache, possibly resulting in a Denial of Service or the disclosure of sensitive information.	There are no reported fixed by versions.
VCID-kgpj-aexq-7kah Aliases: CVE-2007-6388	A flaw was found in the mod_status module. On sites where mod_status is enabled and the status pages were publicly accessible, a cross-site scripting attack is possible. Note that the server-status page is not enabled by default and it is best practice to not make this publicly available.	There are no reported fixed by versions.
VCID-peya-mr7j-vugf Aliases: CVE-2007-2449 GHSA-hc39-rjwp-qffq	Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence.	There are no reported fixed by versions.
VCID-q7jp-hn4a-4kec Aliases: CVE-2005-4838	Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries.	There are no reported fixed by versions.
VCID-qdck-q54n-rkcv Aliases: CVE-2008-0128	The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.	There are no reported fixed by versions.
VCID-qhun-34fa-xygm Aliases: CVE-2007-2435	Multiple vulnerabilities have been discovered in emul-linux-x86-java, possibly resulting in the execution of arbitrary code or a Denial of Service.	There are no reported fixed by versions.
VCID-qxkf-4ddv-j3b7 Aliases: CVE-2007-1358 GHSA-xmc9-6p56-3c4v	Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".	There are no reported fixed by versions.
VCID-rgqm-umh2-pkc2 Aliases: CVE-2004-0688	openmotif21 stack overflows in libxpm	There are no reported fixed by versions.
VCID-s828-4jhd-3be6 Aliases: CVE-2007-2788	BEA JRockit contains several vulnerabilities, some of which may allow the execution of arbitrary code.	There are no reported fixed by versions.
VCID-shkc-uvbb-3bgc Aliases: CVE-2007-0243	Multiple unspecified vulnerabilities have been identified in Sun Java Development Kit (JDK) and Sun Java Runtime Environment (JRE).	There are no reported fixed by versions.
VCID-skar-qk57-qkdv Aliases: CVE-2006-7195 GHSA-p57v-p3fx-qgwm	Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.	There are no reported fixed by versions.
VCID-srxw-jjvr-p3d5 Aliases: CVE-2007-3304	The Apache HTTP server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the HTTP server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of service.	There are no reported fixed by versions.
VCID-tcju-3rvu-wkht Aliases: CVE-2007-2450 GHSA-5c5p-jxvx-x7j2	Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.	There are no reported fixed by versions.
VCID-tura-v7rv-ykda Aliases: CVE-2006-1329	jabberd SASL DoS	There are no reported fixed by versions.
VCID-ua4c-qyvs-7bfg Aliases: CVE-2006-0898	Crypt::CBC uses an insecure initialization vector, potentially resulting in a weaker encryption.	There are no reported fixed by versions.
VCID-w7g5-angw-yfcp Aliases: CVE-2007-6306	JFreeChart: XSS vulnerabilities in the image map feature	There are no reported fixed by versions.
VCID-y3e9-1986-ebdn Aliases: CVE-2004-0687	openmotif21 stack overflows in libxpm	There are no reported fixed by versions.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T15:00:51.213096+00:00	RedHat Importer	Affected by	VCID-e847-axx8-guct	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0914.json	38.0.0
2026-04-01T15:00:50.887542+00:00	RedHat Importer	Affected by	VCID-rgqm-umh2-pkc2	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0688.json	38.0.0
2026-04-01T15:00:49.860211+00:00	RedHat Importer	Affected by	VCID-3wbg-bxvj-1kca	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0885.json	38.0.0
2026-04-01T15:00:49.488731+00:00	RedHat Importer	Affected by	VCID-y3e9-1986-ebdn	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0687.json	38.0.0
2026-04-01T15:00:46.503826+00:00	RedHat Importer	Affected by	VCID-q7jp-hn4a-4kec	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-4838.json	38.0.0
2026-04-01T15:00:40.969404+00:00	RedHat Importer	Affected by	VCID-526j-yt52-53ag	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0605.json	38.0.0
2026-04-01T15:00:35.964327+00:00	RedHat Importer	Affected by	VCID-6epr-2hbd-skcz	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-2090.json	38.0.0
2026-04-01T15:00:29.922054+00:00	RedHat Importer	Affected by	VCID-18j8-kwdv-dyak	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3510.json	38.0.0
2026-04-01T15:00:28.977880+00:00	RedHat Importer	Affected by	VCID-4vg2-5kjx-7fge	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3964.json	38.0.0
2026-04-01T15:00:26.339026+00:00	RedHat Importer	Affected by	VCID-6d1j-1n1r-7khr	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-0254.json	38.0.0
2026-04-01T15:00:25.340549+00:00	RedHat Importer	Affected by	VCID-ua4c-qyvs-7bfg	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-0898.json	38.0.0
2026-04-01T15:00:24.780800+00:00	RedHat Importer	Affected by	VCID-jt5d-3ema-nkdh	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-7197.json	38.0.0
2026-04-01T15:00:24.483484+00:00	RedHat Importer	Affected by	VCID-tura-v7rv-ykda	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-1329.json	38.0.0
2026-04-01T15:00:18.125530+00:00	RedHat Importer	Affected by	VCID-2jnv-segx-zkfd	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-3835.json	38.0.0
2026-04-01T15:00:10.423494+00:00	RedHat Importer	Affected by	VCID-qdck-q54n-rkcv	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0128.json	38.0.0
2026-04-01T15:00:09.052592+00:00	RedHat Importer	Affected by	VCID-shkc-uvbb-3bgc	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-0243.json	38.0.0
2026-04-01T14:59:56.899325+00:00	RedHat Importer	Affected by	VCID-87p8-zvvf-y7dm	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-0450.json	38.0.0
2026-04-01T14:59:55.658409+00:00	RedHat Importer	Affected by	VCID-9zzc-scyf-ckdb	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1349.json	38.0.0
2026-04-01T14:59:53.408092+00:00	RedHat Importer	Affected by	VCID-skar-qk57-qkdv	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-7195.json	38.0.0
2026-04-01T14:59:52.682865+00:00	RedHat Importer	Affected by	VCID-bhq7-d545-27bj	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-7196.json	38.0.0
2026-04-01T14:59:52.050972+00:00	RedHat Importer	Affected by	VCID-qhun-34fa-xygm	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2435.json	38.0.0
2026-04-01T14:59:50.094763+00:00	RedHat Importer	Affected by	VCID-27q8-96un-9fbk	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1355.json	38.0.0
2026-04-01T14:59:49.634960+00:00	RedHat Importer	Affected by	VCID-3fbs-tg62-affp	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2789.json	38.0.0
2026-04-01T14:59:49.120813+00:00	RedHat Importer	Affected by	VCID-s828-4jhd-3be6	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2788.json	38.0.0
2026-04-01T14:59:48.814424+00:00	RedHat Importer	Affected by	VCID-9p71-wr2h-4qdp	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1860.json	38.0.0
2026-04-01T14:59:46.638383+00:00	RedHat Importer	Affected by	VCID-qxkf-4ddv-j3b7	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1358.json	38.0.0
2026-04-01T14:59:45.911942+00:00	RedHat Importer	Affected by	VCID-tcju-3rvu-wkht	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2450.json	38.0.0
2026-04-01T14:59:45.536459+00:00	RedHat Importer	Affected by	VCID-peya-mr7j-vugf	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2449.json	38.0.0
2026-04-01T14:59:44.711406+00:00	RedHat Importer	Affected by	VCID-srxw-jjvr-p3d5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3304.json	38.0.0
2026-04-01T14:59:43.945788+00:00	RedHat Importer	Affected by	VCID-j3mb-97k1-uuh9	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-5752.json	38.0.0
2026-04-01T14:59:38.881775+00:00	RedHat Importer	Affected by	VCID-6p3e-4u8s-17ep	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3385.json	38.0.0
2026-04-01T14:59:37.975286+00:00	RedHat Importer	Affected by	VCID-7969-7a8h-zyhh	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3382.json	38.0.0
2026-04-01T14:59:35.224161+00:00	RedHat Importer	Affected by	VCID-jvhf-ecm7-fbb8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-4465.json	38.0.0
2026-04-01T14:59:31.675702+00:00	RedHat Importer	Affected by	VCID-88v7-kc2y-bfd7	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5461.json	38.0.0
2026-04-01T14:59:23.752793+00:00	RedHat Importer	Affected by	VCID-w7g5-angw-yfcp	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6306.json	38.0.0
2026-04-01T14:59:22.729188+00:00	RedHat Importer	Affected by	VCID-dqkp-f1my-dbg9	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5000.json	38.0.0
2026-04-01T14:59:19.390714+00:00	RedHat Importer	Affected by	VCID-kgpj-aexq-7kah	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6388.json	38.0.0