candlepin-selinux

Direct Vulnerabilities

Known vulnerabilities in the candlepin-selinux package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • H
Allocation of Resources Without Limits or Throttling

*
  • H
Deserialization of Untrusted Data

*
  • H
Incomplete Blacklist

*
  • H
Deserialization of Untrusted Data

*
  • H
Comparison Using Wrong Factors

*
  • M
Insufficient Granularity of Access Control

*
  • M
Authorization Bypass Through User-Controlled Key

*
  • H
Uncontrolled Memory Allocation

*
  • H
Incorrect Default Permissions

*
  • M
Allocation of Resources Without Limits or Throttling

*
  • H
Deserialization of Untrusted Data

*
  • H
Allocation of Resources Without Limits or Throttling

*
  • M
Improperly Controlled Modification of Dynamically-Determined Object Attributes

*
  • M
Improperly Controlled Modification of Dynamically-Determined Object Attributes

*
  • M
Insufficient Granularity of Access Control

*
  • H
Excessive Platform Resource Consumption within a Loop

*
  • H
Deserialization of Untrusted Data

*
  • M
Deserialization of Untrusted Data

*
  • H
LDAP Injection

*
  • H
Missing Authentication for Critical Function

*
  • H
Numeric Range Comparison Without Minimum Check

*
  • H
Allocation of Resources Without Limits or Throttling

*
  • M
Arbitrary Code Injection

*
  • H
HTTP Request Smuggling

*
  • M
Integer Overflow or Wraparound

*
  • M
CRLF Injection

*
  • M
Missing Authentication for Critical Function

*
  • M
Incorrect Authorization

*
  • H
Deserialization of Untrusted Data

*
  • M
Improper Input Validation

*
  • M
CRLF Injection

*
  • M
Improper Input Validation

*
  • M
HTTP Request Smuggling

*
  • L
Resource Exhaustion

*
  • M
Allocation of Resources Without Limits or Throttling

*
  • M
Allocation of Resources Without Limits or Throttling

*
  • L
Uncontrolled Recursion

*
  • L
CVE-2018-3258

<0:3.1.21-1.el7sat
  • L
Improper Validation of Syntactic Correctness of Input

*
  • M
Improper Access Control

*
  • M
Information Exposure Through Log Files

<0:2.5.15-1.el7sat
  • M
Cross-site Scripting (XSS)

<0:2.5.15-1.el7sat
  • M
Cross-site Scripting (XSS)

<0:2.5.15-1.el7sat
  • M
Cross-site Scripting (XSS)

<0:2.5.15-1.el7sat
  • M
Information Exposure

<0:3.1.26-1.el7sat
  • M
Missing Authorization

<0:3.1.26-1.el7sat
  • M
Information Exposure Through Log Files

<0:3.1.26-1.el7sat
  • H
Information Exposure

<0:2.4.8-1.el7
  • H
SQL Injection

<0:2.4.8-1.el7
  • H
Information Exposure

<0:2.4.8-1.el7
  • H
Deserialization of Untrusted Data

<0:2.4.8-1.el7
  • H
Cross-site Scripting (XSS)

<0:2.4.8-1.el7
  • H
Cross-site Scripting (XSS)

<0:2.4.8-1.el7
  • H
Information Exposure

<0:2.4.8-1.el7
  • H
Improper Input Validation

<0:3.1.21-1.el7sat
  • H
Use of a Broken or Risky Cryptographic Algorithm

<0:2.4.8-1.el7
  • H
Cross-site Scripting (XSS)

<0:3.1.21-1.el7sat
  • H
Improper Access Control

<0:2.4.8-1.el7
  • H
Missing Required Cryptographic Step

<0:2.4.8-1.el7
  • H
Missing Required Cryptographic Step

<0:2.4.8-1.el7
  • H
Information Exposure

<0:2.4.8-1.el7
  • H
Covert Timing Channel

<0:2.4.8-1.el7
  • H
Incorrect Calculation

<0:2.4.8-1.el7
  • H
Missing Required Cryptographic Step

<0:2.4.8-1.el7
  • H
Missing Required Cryptographic Step

<0:2.4.8-1.el7
  • H
Missing Required Cryptographic Step

<0:2.4.8-1.el7
  • M
Information Exposure

<0:3.1.26-1.el7sat
  • M
Directory Traversal

<0:2.5.15-1.el7sat
  • H
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

<0:2.4.8-1.el7
  • L
Authentication Bypass by Primary Weakness

<0:4.0.15-1.el7sat
  • L
Authentication Bypass by Primary Weakness

<0:4.0.15-1.el7sat
  • H
Improper Certificate Validation

<0:2.4.8-1.el7
  • H
SQL Injection

<0:2.1.14-1.el7
  • H
Cleartext Storage of Sensitive Information

<0:2.1.14-1.el7
  • H
Insufficient Verification of Data Authenticity

<0:2.1.14-1.el7
  • H
Deserialization of Untrusted Data

<0:2.1.14-1.el7
  • H
Improper Input Validation

<0:2.1.14-1.el7
  • H
Insecure Temporary File

<0:2.1.14-1.el7
  • H
Insufficiently Protected Credentials

<0:2.1.14-1.el7
  • H
Cross-site Scripting (XSS)

<0:2.1.14-1.el7
  • H
Cross-site Scripting (XSS)

<0:2.1.14-1.el7
  • H
Cross-site Scripting (XSS)

<0:2.1.14-1.el7
  • H
Improper Authorization

<0:2.1.14-1.el7
  • H
Improper Authorization

<0:2.1.14-1.el7
  • H
Cross-site Scripting (XSS)

<0:2.1.14-1.el7
  • H
Information Exposure Through Log Files

<0:2.1.14-1.el7
  • H
Information Exposure

<0:2.1.14-1.el7
  • H
Improper Access Control

<0:2.1.14-1.el7
  • H
Use of Insufficiently Random Values

<0:2.1.14-1.el7
  • H
Incorrect Permission Assignment for Critical Resource

<0:2.1.14-1.el7
  • H
Improper Input Validation

<0:2.1.14-1.el7
  • H
Improper Access Control

<0:2.1.14-1.el7
  • H
Cross-site Scripting (XSS)

<0:2.1.14-1.el7
  • M
Incorrect Behavior Order

*
  • M
Improper Input Validation

<0:0.9.54.7-1.el7
  • M
Incorrect Permission Assignment for Critical Resource

<0:0.9.54.7-1.el7
  • M
Race Condition

<0:0.9.54.7-1.el7
  • M
Insecure Temporary File

<0:0.9.54.7-1.el7
  • M
Incorrect Permission Assignment for Critical Resource

<0:0.9.54.7-1.el7
  • M
Cross-site Scripting (XSS)

<0:0.9.54.7-1.el7
  • M
Cleartext Transmission of Sensitive Information

<0:0.9.54.7-1.el7
  • M
Incorrect Permission Assignment for Critical Resource

<0:2.6.9-1.el7sat
  • M
Cleartext Storage of Sensitive Information

<0:2.6.9-1.el7sat
  • M
Improper Authentication

<0:2.6.9-1.el7sat
  • H
Information Exposure

<0:2.4.8-1.el7
  • H
Improper Authorization

<0:2.9.25-1.el7sat
  • H
Cleartext Transmission of Sensitive Information

<0:2.9.25-1.el7sat
  • H
Improper Certificate Validation

<0:2.9.25-1.el7sat
  • H
Insufficiently Protected Credentials

<0:3.1.21-1.el7sat
  • H
Inefficient Regular Expression Complexity

<0:2.4.8-1.el7
  • H
Inefficient Regular Expression Complexity

<0:2.4.8-1.el7
  • H
Cross-site Scripting (XSS)

<0:2.4.8-1.el7
  • H
Improper Authentication

<0:2.9.30-1.el7sat
  • H
Improper Authentication

<0:3.1.21-1.el7sat
  • M
Cross-site Scripting (XSS)

<0:2.6.9-1.el7sat
  • H
Information Exposure

<0:3.1.21-1.el7sat
  • M
Information Exposure

<0:3.1.26-1.el7sat
  • H
Binding to an Unrestricted IP Address

<0:3.1.21-1.el7sat
  • M
SQL Injection

<0:3.1.26-1.el7sat
  • H
Improperly Implemented Security Check for Standard

<0:3.1.21-1.el7sat
  • H
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

<0:2.4.8-1.el7
  • H
Missing Authorization

<0:3.1.21-1.el7sat
  • H
Information Exposure

<0:2.4.8-1.el7
  • H
Improper Validation of Certificate with Host Mismatch

<0:3.1.21-1.el7sat
  • M
Execution with Unnecessary Privileges

<0:3.1.26-1.el7sat
  • L
CVE-2022-33980

*
  • L
Arbitrary Code Injection

*
  • H
HTTP Request Smuggling

<0:3.1.21-1.el7sat
  • L
HTTP Request Smuggling

*
  • L
HTTP Request Smuggling

*
  • M
Resource Exhaustion

<0:2.6.9-1.el7sat
  • M
HTTP Request Smuggling

*
  • M
HTTP Request Smuggling

*
  • M
Allocation of Resources Without Limits or Throttling

<0:3.1.26-1.el7sat
  • M
HTTP Request Smuggling

*
  • L
Resource Exhaustion

*
  • L
Resource Exhaustion

*
  • M
Information Exposure

<0:3.1.26-1.el7sat
  • M
Cross-site Request Forgery (CSRF)

<0:3.1.26-1.el7sat
  • H
Cross-site Scripting (XSS)

<0:3.1.21-1.el7sat
  • M
Cross-site Request Forgery (CSRF)

<0:3.1.26-1.el7sat
  • H
Inefficient Regular Expression Complexity

<0:3.1.21-1.el7sat
  • M
Cross-site Scripting (XSS)

<0:3.1.26-1.el7sat
  • M
Improper Input Validation

<0:3.1.26-1.el7sat
  • M
Improper Input Validation

<0:3.1.26-1.el7sat
  • H
Arbitrary Code Injection

<0:3.1.21-1.el7sat
  • H
Directory Traversal

<0:3.1.21-1.el7sat
  • H
CRLF Injection

<0:3.1.21-1.el7sat
  • H
Incomplete Blacklist

<0:2.4.8-1.el7
  • M
Creation of Temporary File in Directory with Incorrect Permissions

*
  • M
Deserialization of Untrusted Data

*
  • M
Deserialization of Untrusted Data

*
  • M
Deserialization of Untrusted Data

*
  • M
Out-of-bounds Write

*
  • M
Out-of-bounds Write

*
  • M
Out-of-bounds Write

*
  • M
Out-of-bounds Write

*
  • M
Resource Exhaustion

*
  • H
Reliance on Untrusted Inputs in a Security Decision

<0:3.1.21-1.el7sat
  • L
Improper Handling of Insufficient Permissions or Privileges

*
  • L
Incorrect Authorization

*
  • H
Integer Overflow or Wraparound

<0:2.1.14-1.el7
  • H
Improper Input Validation

<0:0.9.54.26-1.el7
  • H
Deserialization of Untrusted Data

<0:2.6.16-1.el7sat
  • H
Deserialization of Untrusted Data

<0:2.9.28-1.el7sat
  • M
Improper Input Validation

*
  • M
HTTP Response Splitting

<0:2.6.9-1.el7sat
  • M
XML External Entity (XXE) Injection

*
  • H
CVE-2018-3258

<0:3.1.21-1.el7sat
  • H
Covert Timing Channel

<0:3.1.21-1.el7sat
  • M
Covert Timing Channel

<0:3.1.26-1.el7sat
  • M
Arbitrary Argument Injection

<0:2.6.9-1.el7sat
  • H
Out-of-Bounds

<0:2.4.8-1.el7
  • M
Improper Neutralization of Special Elements

<0:2.6.9-1.el7sat
  • H
Deserialization of Untrusted Data

<0:2.9.25-1.el7sat
  • H
Deserialization of Untrusted Data

<0:2.6.16-1.el7sat
  • M
CVE-2016-6346

<0:2.5.15-1.el7sat
  • L
Information Exposure

*
  • H
Deserialization of Untrusted Data

<0:2.6.16-1.el7sat
  • H
Deserialization of Untrusted Data

<0:2.9.28-1.el7sat
  • H
Deserialization of Untrusted Data

<0:3.1.21-1.el7sat
  • H
Deserialization of Untrusted Data

<0:2.9.28-1.el7sat
  • H
Deserialization of Untrusted Data

<0:2.6.16-1.el7sat
  • H
Deserialization of Untrusted Data

<0:3.1.21-1.el7sat
  • H
Deserialization of Untrusted Data

<0:3.1.21-1.el7sat
  • H
Deserialization of Untrusted Data

<0:2.6.16-1.el7sat
  • H
Deserialization of Untrusted Data

<0:2.9.28-1.el7sat
  • H
Deserialization of Untrusted Data

<0:2.6.16-1.el7sat
  • H
Deserialization of Untrusted Data

<0:2.9.28-1.el7sat
  • H
Deserialization of Untrusted Data

<0:3.1.21-1.el7sat
  • M
Improper Neutralization of Special Elements

<0:2.6.9-1.el7sat
  • M
Information Exposure

<0:3.1.26-1.el7sat
  • L
XML External Entity (XXE) Injection

*
  • L
Static Code Injection

*
  • H
Deserialization of Untrusted Data

<0:2.6.16-1.el7sat
  • H
Deserialization of Untrusted Data

<0:2.9.28-1.el7sat
  • H
Deserialization of Untrusted Data

<0:3.1.21-1.el7sat
  • H
Deserialization of Untrusted Data

<0:2.9.28-1.el7sat
  • H
Deserialization of Untrusted Data

<0:3.1.21-1.el7sat
  • H
Deserialization of Untrusted Data

<0:2.6.16-1.el7sat
  • H
Deserialization of Untrusted Data

<0:2.9.28-1.el7sat
  • H
Deserialization of Untrusted Data

<0:2.6.16-1.el7sat
  • H
Deserialization of Untrusted Data

<0:3.1.21-1.el7sat
  • H
Deserialization of Untrusted Data

<0:2.9.28-1.el7sat
  • H
Deserialization of Untrusted Data

<0:2.6.16-1.el7sat
  • H
Deserialization of Untrusted Data

<0:2.6.16-1.el7sat
  • H
Deserialization of Untrusted Data

<0:3.1.21-1.el7sat
  • H
Deserialization of Untrusted Data

<0:2.9.28-1.el7sat
  • H
Deserialization of Untrusted Data

<0:2.6.16-1.el7sat
  • H
Deserialization of Untrusted Data

<0:2.9.28-1.el7sat
  • H
Deserialization of Untrusted Data

<0:3.1.21-1.el7sat
  • H
Deserialization of Untrusted Data

<0:2.6.16-1.el7sat
  • H
Deserialization of Untrusted Data

<0:2.9.28-1.el7sat
  • H
Deserialization of Untrusted Data

<0:3.1.21-1.el7sat
  • M
Use After Free

<0:3.1.26-1.el7sat
  • H
Deserialization of Untrusted Data

<0:2.9.25-1.el7sat
  • H
Deserialization of Untrusted Data

<0:2.6.13-1.el7sat
  • H
Deserialization of Untrusted Data

<0:2.5.22-1.el7sat