rhvm-appliance vulnerabilities

Known vulnerabilities in the rhvm-appliance package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
M Information Exposure	<2:4.3-20190502.0.el7
M Information Exposure Through Log Files	<2:4.3-20190722.0.el7
H Uncaught Exception	<2:4.2-20180828.0.el7
H Directory Traversal	<2:4.2-20180828.0.el7
H Missing Required Cryptographic Step	<2:4.2-20180828.0.el7
H Covert Timing Channel	<1:4.1.20171102.0-1.el7
H Deserialization of Untrusted Data	<2:4.2-20180504.0.el7
H Information Exposure	<2:4.2-20180504.0.el7
H Improper Authentication	<2:4.2-20180504.0.el7
M Improper Input Validation	<2:4.2-20180620.0.el7
H Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')	<1:4.1.20171102.0-1.el7
H Improper Input Validation	<1:4.1.20171102.0-1.el7
M Improper Input Validation	*
M Out-of-bounds Read	*
M Improper Input Validation	*
M Incorrect Authorization	*
H HTTP Response Splitting	<2:4.2-20180828.0.el7
L Improper Input Validation	*
H Improper Authentication	<2:4.2-20180504.0.el7
M Integer Overflow or Wraparound	<2:4.3-20190722.0.el7
L Out-of-bounds Read	*
L Insufficient Comparison	*
M Missing Initialization of Resource	<2:4.3-20190605.0.el7
M Allocation of Resources Without Limits or Throttling	<2:4.2-20190129.0.el7
M Allocation of Resources Without Limits or Throttling	<2:4.2-20190129.0.el7
L Authentication Bypass by Primary Weakness	<2:4.2-20181026.1.el7
H Sensitive Information Uncleared Before Release	<2:4.2-20180813.0.el7
H Improper Initialization	<2:4.2-20180828.0.el7
H Arbitrary Command Injection	<2:4.2-20180504.0.el7
H Resource Exhaustion	<2:4.2-20180813.0.el7
H Sensitive Information Uncleared Before Release	<2:4.2-20180813.0.el7
M Improper Neutralization of Special Elements	*
H Deserialization of Untrusted Data	<2:4.2-20180504.0.el7
M Improper Authentication	*
L Improperly Implemented Security Check for Standard	*
L Integer Overflow or Wraparound	*
M Arbitrary Argument Injection	<2:4.3-20190502.0.el7
H Out-of-Bounds	<2:4.2-20180828.0.el7
M NULL Pointer Dereference	*
L Integer Overflow or Wraparound	*
L Integer Overflow or Wraparound	*
L Integer Overflow or Wraparound	*
L Integer Overflow or Wraparound	*
H Sensitive Information Uncleared Before Release	<2:4.3-20190506.0.el7
H Information Exposure	<2:4.3-20190506.0.el7
H Sensitive Information Uncleared Before Release	<2:4.3-20190506.0.el7
H Sensitive Information Uncleared Before Release	<2:4.3-20190506.0.el7
M Improper Input Validation	<2:4.2-20190224.0.el7
H Encoding Error	<2:4.2-20190411.1.el7
L Out-of-bounds Read	*
L Out-of-bounds Read	*
L Out-of-bounds Read	*
L Out-of-bounds Read	*
L Improper Handling of Length Parameter Inconsistency	*
M Missing Required Cryptographic Step	<2:4.3-20190722.0.el7
M Information Exposure	<2:4.3-20190409.0.el7
M Information Exposure	*
M Information Exposure	*
M Information Exposure	*
H Resource Exhaustion	<2:4.2-20180828.0.el7

Vulnerability

Vulnerable Version

Information Exposure

<2:4.3-20190502.0.el7

Information Exposure Through Log Files

<2:4.3-20190722.0.el7

Uncaught Exception

<2:4.2-20180828.0.el7

Directory Traversal

<2:4.2-20180828.0.el7

Missing Required Cryptographic Step

<2:4.2-20180828.0.el7