Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Theforeman Subscribe
Filtered by product Foreman
Total 64 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-0173 1 Theforeman 1 Foreman 2014-05-08 5.0 MEDIUM N/A
Foreman before 1.1 uses a salt of "foreman" to hash root passwords, which makes it easier for attackers to guess the password via a brute force attack.
CVE-2013-0174 1 Theforeman 1 Foreman 2014-05-08 5.0 MEDIUM N/A
The external node classifier (ENC) API in Foreman before 1.1 allows remote attackers to obtain the hashed root password via an API request.
CVE-2013-0171 1 Theforeman 1 Foreman 2014-05-08 7.5 HIGH N/A
Foreman before 1.1 allows remote attackers to execute arbitrary code via a crafted YAML object to the (1) fact or (2) report import API.
CVE-2012-5477 1 Theforeman 1 Foreman 2014-05-08 3.6 LOW N/A
The smart proxy in Foreman before 1.1 uses a umask set to 0, which allows local users to modify files created by the daemon via unspecified vectors.