Package details: pkg:rpm/redhat/rhvm-appliance@4.2-20180504?arch=0
purl pkg:rpm/redhat/rhvm-appliance@4.2-20180504?arch=0
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 10.0
Vulnerabilities affecting this package (6)
Vulnerability | Summary | Fixed by
VCID-2ez8-r9wv-53du
Aliases:
CVE-2017-12196
GHSA-cp7v-vmv7-6x2q
Undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable when using Digest authentication: the server does not ensure that the value of the URI in the Authorization header matches the URI in the HTTP request line. This allows an attacker to cause a MITM attack and access the desired content on the server.
There are no reported fixed by versions.
VCID-3jh2-znva-2bb6
Aliases:
CVE-2018-7750
GHSA-232r-66cg-79px
PYSEC-2018-19
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.
There are no reported fixed by versions.
VCID-fzrt-143x-tqdd
Aliases:
CVE-2018-8088
GHSA-w77p-8cfg-2x43
Improper Access Control in SLF4J: org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J has been fixed in SLF4J versions 1.7.26 and later and in the 2.0.x series.
There are no reported fixed by versions.
VCID-ngbm-4qyk-s3he
Aliases:
CVE-2018-1073
ovirt-engine: account enumeration through login to web console.
There are no reported fixed by versions.
VCID-r42j-jg5s-auda
Aliases:
CVE-2018-1111
dhcp: Command injection vulnerability in the DHCP client NetworkManager integration script.
There are no reported fixed by versions.
VCID-unwq-s63h-uuaw
Aliases:
CVE-2018-5968
GHSA-w3f4-3q6j-rh82
FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.
There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability | Summary | Aliases
This package is not known to fix vulnerabilities.

Date | Actor | Action | Vulnerability | Source | VulnerableCode Version
2026-04-01T14:26:31.145335+00:00 | RedHat Importer | Affected by | VCID-unwq-s63h-uuaw | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5968.json | 38.0.0
2026-04-01T14:26:03.922017+00:00 | RedHat Importer | Affected by | VCID-fzrt-143x-tqdd | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8088.json | 38.0.0
2026-04-01T14:25:48.481180+00:00 | RedHat Importer | Affected by | VCID-2ez8-r9wv-53du | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12196.json | 38.0.0
2026-04-01T14:25:48.240447+00:00 | RedHat Importer | Affected by | VCID-3jh2-znva-2bb6 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7750.json | 38.0.0
2026-04-01T14:24:52.078141+00:00 | RedHat Importer | Affected by | VCID-ngbm-4qyk-s3he | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1073.json | 38.0.0
2026-04-01T14:24:51.939635+00:00 | RedHat Importer | Affected by | VCID-r42j-jg5s-auda | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1111.json | 38.0.0