VulnerableCode Package Details - pkg:rpm/redhat/qpid-cpp@1.36.0-31?arch=el7amq

Search for packages

Vulnerability	Summary	Fixed by
VCID-1bfp-5ub3-dqbr Aliases: CVE-2020-14307	wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service	There are no reported fixed by versions.
VCID-mz9r-j78c-dfe3 Aliases: CVE-2020-9488 GHSA-vwqq-5vrc-xw9h	Improper validation of certificate with host mismatch in Apache Log4j SMTP appender prior to version 2.13.2. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender.	There are no reported fixed by versions.
VCID-twvp-wxff-zka2 Aliases: CVE-2020-11113 GHSA-9vvp-fxw6-jcxr	jackson-databind mishandles the interaction between serialization gadgets and typing FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).	There are no reported fixed by versions.
VCID-zea8-w4br-6qas Aliases: CVE-2020-14297 GHSA-qcch-9268-59jw	Wildfly EJB Client causes DoS A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over the time and can cause services to slow down and eventually unavailable. An attacker can take advantage and cause denial of service attack and make services unavailable.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-1bfp-5ub3-dqbr
Aliases:
CVE-2020-14307

wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service

There are no reported fixed by versions.

VCID-mz9r-j78c-dfe3
Aliases:
CVE-2020-9488
GHSA-vwqq-5vrc-xw9h

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender prior to version 2.13.2. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender.

There are no reported fixed by versions.

VCID-twvp-wxff-zka2
Aliases:
CVE-2020-11113
GHSA-9vvp-fxw6-jcxr

jackson-databind mishandles the interaction between serialization gadgets and typing FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).

There are no reported fixed by versions.

VCID-zea8-w4br-6qas
Aliases:
CVE-2020-14297
GHSA-qcch-9268-59jw

Wildfly EJB Client causes DoS A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over the time and can cause services to slow down and eventually unavailable. An attacker can take advantage and cause denial of service attack and make services unavailable.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:09:28.395552+00:00	RedHat Importer	Affected by	VCID-twvp-wxff-zka2	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11113.json	38.0.0
2026-04-01T14:08:39.335131+00:00	RedHat Importer	Affected by	VCID-mz9r-j78c-dfe3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9488.json	38.0.0
2026-04-01T14:05:41.071775+00:00	RedHat Importer	Affected by	VCID-zea8-w4br-6qas	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14297.json	38.0.0
2026-04-01T14:05:36.980240+00:00	RedHat Importer	Affected by	VCID-1bfp-5ub3-dqbr	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14307.json	38.0.0