| purl | pkg:rpm/redhat/rh-sso7-libunix-dbus-java@0.8.0-2?arch=el7sso |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-4kdg-asyc-rbdx<br>Aliases: CVE-2019-10184, GHSA-w69w-jvc7-wjgv | Undertow Missing Authorization when requesting a protected directory without trailing slash: Undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api. | There are no reported fixed by versions. |
| VCID-4wpu-jga7-9fer<br>Aliases: CVE-2019-14832, GHSA-8prc-58j4-m55q | Keycloak Unauthenticated Access: A flaw was found in the Keycloak REST API before version 8.0.0, implemented in Keycloak before 7.0.1 where it would permit user access from a realm the user was not configured. An authenticated attacker with knowledge of a user id could use this flaw to access unauthorized information or to carry out further attacks. | There are no reported fixed by versions. |
| VCID-56sb-829v-6qbz<br>Aliases: CVE-2019-12814, GHSA-cmfg-87vq-g5g4 | Information Disclosure: A Polymorphic Typing issue was discovered in FasterXML jackson-databind. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server. | There are no reported fixed by versions. |
| VCID-9wej-f7zx-pfeq<br>Aliases: CVE-2019-12086, GHSA-5ww9-j83m-q7qx | Information exposure in FasterXML jackson-databind: A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation. | There are no reported fixed by versions. |
| VCID-sghy-8wey-5yg5<br>Aliases: CVE-2019-14820, GHSA-xfqh-7356-vqjj | Exposure of Sensitive Information to an Unauthorized Actor in Keycloak: It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability could allow an attacker to access unauthorized information. | There are no reported fixed by versions. |
| VCID-wg36-q48g-mkds<br>Aliases: CVE-2019-14379, GHSA-6fpp-rgj9-8rwc | Deserialization of untrusted data in FasterXML jackson-databind: SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2, 2.8.11.4, and 2.7.9.6 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution. | There are no reported fixed by versions. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |