Search for packages
| purl | pkg:rpm/redhat/tfm-rubygem-hammer_cli_foreman_virt_who_configure@0.0.5.1-1?arch=el7sat |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2g54-3acq-pbha
Aliases: CVE-2020-10716 |
rubygem-foreman_ansible: "User input" entry from Job Invocation may contain sensitive data | There are no reported fixed by versions. |
|
VCID-9wej-f7zx-pfeq
Aliases: CVE-2019-12086 GHSA-5ww9-j83m-q7qx |
Information exposure in FasterXML jackson-databind A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation. | There are no reported fixed by versions. |
|
VCID-bhq3-j6aj-1yae
Aliases: CVE-2019-10086 GHSA-6phf-73q6-gh87 |
Insecure Deserialization in Apache Commons Beanutils In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean. | There are no reported fixed by versions. |
|
VCID-mv26-fzn6-vycf
Aliases: CVE-2017-17718 GHSA-m7p8-9w66-9frm |
No validation of hostname certificate Net-ldap does not validate the hostname certificate. Ruby is relying on OpenSSL, and one common mistake made by users of OpenSSL is to assume that OpenSSL will validate the hostname in the server's certificate. did not perform hostname validation. and up contain support for hostname validation, but they still require the user to call a few functions to set it up. | There are no reported fixed by versions. |
|
VCID-z6er-42pm-7ubq
Aliases: CVE-2019-0231 GHSA-5h29-qq92-wj7f |
Cleartext Transmission of Sensitive Information in Apache MINA Handling of the close_notify SSL/TLS message does not lead to a connection closure, leading the server to retain the socket opened and to have the client potentially receive clear text messages afterward. Mitigation: 2.0.20 users should migrate to 2.0.21, 2.1.0 users should migrate to 2.1.1. This issue affects: Apache MINA. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:38:10.011836+00:00 | RedHat Importer | Affected by | VCID-mv26-fzn6-vycf | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17718.json | 38.0.0 |
| 2026-04-01T14:20:03.054180+00:00 | RedHat Importer | Affected by | VCID-z6er-42pm-7ubq | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0231.json | 38.0.0 |
| 2026-04-01T14:19:34.177719+00:00 | RedHat Importer | Affected by | VCID-9wej-f7zx-pfeq | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12086.json | 38.0.0 |
| 2026-04-01T14:17:00.595568+00:00 | RedHat Importer | Affected by | VCID-bhq3-j6aj-1yae | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10086.json | 38.0.0 |
| 2026-04-01T14:08:40.147485+00:00 | RedHat Importer | Affected by | VCID-2g54-3acq-pbha | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10716.json | 38.0.0 |