VulnerableCode Package Details - pkg:rpm/redhat/foreman-proxy@1.22.0.2-1?arch=el7sat

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:rpm/redhat/foreman-proxy@1.22.0.2-1?arch=el7sat

Essentials
History (9)

purl	pkg:rpm/redhat/foreman-proxy@1.22.0.2-1?arch=el7sat

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	4.0

Vulnerabilities affecting this package (9)

Vulnerability	Summary	Fixed by
VCID-3af2-c1m7-3kdr Aliases: CVE-2019-10198	foreman: authorization bypasses in foreman-tasks leading to information disclosure	There are no reported fixed by versions.
VCID-3t8t-yt9b-1fce Aliases: CVE-2016-10516 GHSA-h2fp-xgx6-xh6f PYSEC-2017-43	Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used in Pallets Flask and other products) allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message.	There are no reported fixed by versions.
VCID-6fxc-s6ht-x7ht Aliases: CVE-2016-10745 GHSA-hj2j-77xm-mc5v PYSEC-2019-220	In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.	There are no reported fixed by versions.
VCID-6wxf-ewtr-z3hb Aliases: CVE-2019-10906 GHSA-462w-v97r-4m45 PYSEC-2019-217	In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.	There are no reported fixed by versions.
VCID-bsbd-bsbq-7qdk Aliases: CVE-2019-14825 GHSA-m4wh-848j-9w2r	Katello cleartext password storage issue A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.2. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credentials to other privileged users.	There are no reported fixed by versions.
VCID-hmcs-7s53-mbft Aliases: CVE-2019-3893	foreman: Recover of plaintext password or token for the compute resources	There are no reported fixed by versions.
VCID-nmya-eyxd-9ybe Aliases: CVE-2018-1000632 GHSA-6pcc-3rfx-4gpm	dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.	There are no reported fixed by versions.
VCID-sw69-1r7d-kkht Aliases: CVE-2018-16470 GHSA-hg78-4f6x-99wq	Uncontrolled Resource Consumption There is a possible DoS vulnerability in the multipart parser in Rack. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.	There are no reported fixed by versions.
VCID-zx5n-czhy-6qgu Aliases: CVE-2019-12387 GHSA-6cc5-2vg4-cc7m PYSEC-2019-128	In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.	There are no reported fixed by versions.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:32:42.820573+00:00	RedHat Importer	Affected by	VCID-6fxc-s6ht-x7ht	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10745.json	38.0.0
2026-04-01T14:27:18.653362+00:00	RedHat Importer	Affected by	VCID-3t8t-yt9b-1fce	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10516.json	38.0.0
2026-04-01T14:23:43.480729+00:00	RedHat Importer	Affected by	VCID-nmya-eyxd-9ybe	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000632.json	38.0.0
2026-04-01T14:21:37.749245+00:00	RedHat Importer	Affected by	VCID-sw69-1r7d-kkht	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16470.json	38.0.0
2026-04-01T14:20:30.964710+00:00	RedHat Importer	Affected by	VCID-6wxf-ewtr-z3hb	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10906.json	38.0.0
2026-04-01T14:20:24.787405+00:00	RedHat Importer	Affected by	VCID-hmcs-7s53-mbft	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3893.json	38.0.0
2026-04-01T14:18:57.773892+00:00	RedHat Importer	Affected by	VCID-zx5n-czhy-6qgu	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12387.json	38.0.0
2026-04-01T14:18:19.402298+00:00	RedHat Importer	Affected by	VCID-3af2-c1m7-3kdr	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10198.json	38.0.0
2026-04-01T14:17:55.737265+00:00	RedHat Importer	Affected by	VCID-bsbd-bsbq-7qdk	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14825.json	38.0.0