Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:rpm/redhat/ruby-shadow@1.4.1-21?arch=el7
purl pkg:rpm/redhat/ruby-shadow@1.4.1-21?arch=el7
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 10.0
Vulnerabilities affecting this package (18)
Vulnerability Summary Fixed by
VCID-1mw1-384y-huc7
Aliases:
CVE-2013-2099
Uncontrolled Resource Consumption Algorithmic complexity vulnerability in the `ssl.match_hostname` function and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate. There are no reported fixed by versions.
VCID-1yu9-avtx-cybv
Aliases:
CVE-2015-1844
foreman: API not scoping resources to taxonomies There are no reported fixed by versions.
VCID-3ycr-9smk-uqdc
Aliases:
CVE-2015-3225
GHSA-rgr4-9jh5-j4j6
Potential Denial of Service Vulnerability Carefully crafted requests can cause a `SystemStackError` and potentially cause a denial of service attack. There are no reported fixed by versions.
VCID-6xkf-evrx-pyau
Aliases:
CVE-2016-2166
GHSA-f5cf-f7px-xpmh
Exposure of Sensitive Information to an Unauthorized Actor The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors. There are no reported fixed by versions.
VCID-77c9-jb1m-6qe2
Aliases:
CVE-2015-0203
qpid-cpp: 3 qpidd DoS issues in AMQP 0-10 protocol handling There are no reported fixed by versions.
VCID-7f1h-1fw8-k7c4
Aliases:
CVE-2015-3155
foreman: the _session_id cookie is issued without the Secure flag There are no reported fixed by versions.
VCID-8wen-twwa-8khm
Aliases:
CVE-2014-3653
foreman: cross-site scripting (XSS) flaw in template preview screen There are no reported fixed by versions.
VCID-9gb8-xvrc-aqgb
Aliases:
CVE-2015-0223
qpid-cpp: anonymous access to qpidd cannot be prevented There are no reported fixed by versions.
VCID-bysx-t7fz-5kdk
Aliases:
CVE-2015-5245
Ceph: RGW returns requested bucket name raw in Bucket response header There are no reported fixed by versions.
VCID-fq2t-c2nv-23ce
Aliases:
CVE-2015-1609
A vulnerability in MongoDB can lead to a Denial of Service condition. There are no reported fixed by versions.
VCID-jau7-gfz8-dkfa
Aliases:
CVE-2009-3555
GHSA-f7w7-6pjc-wwm6
VU#120541
The renegotiation vulnerability in SSL protocol There are no reported fixed by versions.
VCID-jfqz-9a6e-jff7
Aliases:
CVE-2016-2100
foreman: Unprivileged user can access private bookmarks of other users There are no reported fixed by versions.
VCID-rc65-py17-kuhm
Aliases:
CVE-2015-1816
foreman: lack of SSL certificate validation when performing LDAPS authentication There are no reported fixed by versions.
VCID-sqjb-qpyd-p7gn
Aliases:
CVE-2015-3235
foreman: edit_users permission allows changing of admin passwords There are no reported fixed by versions.
VCID-tbug-mv5x-uucb
Aliases:
CVE-2013-4346
GHSA-4433-4cxq-vv73
PYSEC-2014-85
The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL. There are no reported fixed by versions.
VCID-va8w-uzhc-x3bz
Aliases:
CVE-2013-6668
security update There are no reported fixed by versions.
VCID-vhxh-tpay-mbh3
Aliases:
CVE-2015-0224
qpid-cpp: AMQP 0-10 protocol sequence-set maximal range DoS (incomplete CVE-2015-0203 fix) There are no reported fixed by versions.
VCID-zkgb-14kz-33dz
Aliases:
CVE-2013-4347
GHSA-rv8h-p43r-4x5r
PYSEC-2014-86
The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:57:37.970076+00:00 RedHat Importer Affected by VCID-jau7-gfz8-dkfa https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3555.json 38.0.0
2026-04-01T14:52:40.152087+00:00 RedHat Importer Affected by VCID-tbug-mv5x-uucb https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4346.json 38.0.0
2026-04-01T14:51:40.293577+00:00 RedHat Importer Affected by VCID-zkgb-14kz-33dz https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4347.json 38.0.0
2026-04-01T14:51:10.224816+00:00 RedHat Importer Affected by VCID-1mw1-384y-huc7 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2099.json 38.0.0
2026-04-01T14:48:48.906097+00:00 RedHat Importer Affected by VCID-va8w-uzhc-x3bz https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6668.json 38.0.0
2026-04-01T14:46:13.931367+00:00 RedHat Importer Affected by VCID-8wen-twwa-8khm https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3653.json 38.0.0
2026-04-01T14:44:55.790158+00:00 RedHat Importer Affected by VCID-77c9-jb1m-6qe2 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0203.json 38.0.0
2026-04-01T14:44:35.374930+00:00 RedHat Importer Affected by VCID-9gb8-xvrc-aqgb https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0223.json 38.0.0
2026-04-01T14:44:29.393046+00:00 RedHat Importer Affected by VCID-vhxh-tpay-mbh3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0224.json 38.0.0
2026-04-01T14:43:27.629389+00:00 RedHat Importer Affected by VCID-jfqz-9a6e-jff7 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2100.json 38.0.0
2026-04-01T14:43:23.090506+00:00 RedHat Importer Affected by VCID-fq2t-c2nv-23ce https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1609.json 38.0.0
2026-04-01T14:43:18.525328+00:00 RedHat Importer Affected by VCID-rc65-py17-kuhm https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1816.json 38.0.0
2026-04-01T14:42:21.766227+00:00 RedHat Importer Affected by VCID-1yu9-avtx-cybv https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1844.json 38.0.0
2026-04-01T14:41:29.141539+00:00 RedHat Importer Affected by VCID-7f1h-1fw8-k7c4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3155.json 38.0.0
2026-04-01T14:40:47.190850+00:00 RedHat Importer Affected by VCID-sqjb-qpyd-p7gn https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3235.json 38.0.0
2026-04-01T14:40:38.835292+00:00 RedHat Importer Affected by VCID-3ycr-9smk-uqdc https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3225.json 38.0.0
2026-04-01T14:40:08.033855+00:00 RedHat Importer Affected by VCID-bysx-t7fz-5kdk https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5245.json 38.0.0
2026-04-01T14:37:37.201570+00:00 RedHat Importer Affected by VCID-6xkf-evrx-pyau https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2166.json 38.0.0