Search for packages
| purl | pkg:rpm/redhat/python-requests-toolbelt@0.8.0-2?arch=el8cf |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-9nj7-fupw-vqaw
Aliases: CVE-2019-0223 GHSA-5h6x-m52p-23ph |
Withdrawn Advisory: Improper Certificate Validation in Apache Qpid Proton ## Withdrawn Advisory This advisory has been withdrawn because the vulnerability only affects the **Qpid Proton C library** and not `org.apache.qpid:proton-j`. This link has been maintained to preserve external references. ## Original Description While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. This means that an undetected man in the middle attack could be constructed if an attacker can arrange to intercept TLS traffic. | There are no reported fixed by versions. |
|
VCID-eh2s-9hss-yken
Aliases: CVE-2016-10735 GHSA-4p24-vmcr-4gqj |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:36:04.838101+00:00 | RedHat Importer | Affected by | VCID-eh2s-9hss-yken | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10735.json | 38.0.0 |
| 2026-04-01T14:19:55.843813+00:00 | RedHat Importer | Affected by | VCID-9nj7-fupw-vqaw | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0223.json | 38.0.0 |