Total
64 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-0173 | 1 Theforeman | 1 Foreman | 2014-05-08 | 5.0 MEDIUM | N/A |
Foreman before 1.1 uses a salt of "foreman" to hash root passwords, which makes it easier for attackers to guess the password via a brute force attack. | |||||
CVE-2013-0174 | 1 Theforeman | 1 Foreman | 2014-05-08 | 5.0 MEDIUM | N/A |
The external node classifier (ENC) API in Foreman before 1.1 allows remote attackers to obtain the hashed root password via an API request. | |||||
CVE-2013-0171 | 1 Theforeman | 1 Foreman | 2014-05-08 | 7.5 HIGH | N/A |
Foreman before 1.1 allows remote attackers to execute arbitrary code via a crafted YAML object to the (1) fact or (2) report import API. | |||||
CVE-2012-5477 | 1 Theforeman | 1 Foreman | 2014-05-08 | 3.6 LOW | N/A |
The smart proxy in Foreman before 1.1 uses a umask set to 0, which allows local users to modify files created by the daemon via unspecified vectors. |