| Max CVSS | 5.8 | Min CVSS | 4.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2019-10906 | 5.0 |
In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.
|
01-03-2023 - 14:56 | 07-04-2019 - 00:29 | |
| CVE-2019-12387 | 4.3 |
In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.
|
28-02-2023 - 20:47 | 10-06-2019 - 12:29 | |
| CVE-2019-14825 | 4.0 |
A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.0.9. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry cre
|
12-02-2023 - 23:34 | 25-11-2019 - 16:15 | |
| CVE-2019-3893 | 4.0 |
In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. A malicious user with the "delete_compute_resou
|
30-11-2022 - 22:00 | 09-04-2019 - 16:29 | |
| CVE-2019-0223 | 5.8 |
While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer cert
|
22-04-2022 - 20:09 | 23-04-2019 - 16:29 | |
| CVE-2018-1000632 | 5.0 |
dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be explo
|
07-09-2021 - 06:15 | 20-08-2018 - 19:31 | |
| CVE-2019-10198 | 4.0 |
An authentication bypass vulnerability was discovered in foreman-tasks before 0.15.7. Previously, commit tasks were searched through find_resource, which performed authorization checks. After the change to Foreman, an unauthenticated user can view th
|
30-09-2020 - 18:16 | 31-07-2019 - 22:15 | |
| CVE-2019-10198 | 4.0 |
An authentication bypass vulnerability was discovered in foreman-tasks before 0.15.7. Previously, commit tasks were searched through find_resource, which performed authorization checks. After the change to Foreman, an unauthenticated user can view th
|
30-09-2020 - 18:16 | 31-07-2019 - 22:15 | |
| CVE-2018-16470 | 5.0 |
There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.
|
09-10-2019 - 23:36 | 13-11-2018 - 23:29 | |
| CVE-2016-10745 | 5.0 |
In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.
|
06-06-2019 - 16:29 | 08-04-2019 - 13:29 | |
| CVE-2016-10516 | 4.3 |
Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used in Pallets Flask and other products) allows remote attackers to inject arbitrary web script or HTML v
|
04-02-2018 - 02:29 | 23-10-2017 - 16:29 |