Filtered by vendor Theforeman
Subscribe
Total
84 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-8183 | 2 Redhat, Theforeman | 2 Satellite, Foreman | 2023-03-03 | 6.5 MEDIUM | 7.4 HIGH |
| It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations. | |||||
| CVE-2018-1097 | 2 Redhat, Theforeman | 2 Satellite, Foreman | 2023-02-12 | 4.0 MEDIUM | 8.8 HIGH |
| A flaw was found in foreman before 1.16.1. The issue allows users with limited permissions for powering oVirt/RHV hosts on and off to discover the username and password used to connect to the compute resource. | |||||
| CVE-2016-2100 | 1 Theforeman | 1 Foreman | 2023-02-12 | 6.5 MEDIUM | 5.4 MEDIUM |
| Foreman before 1.10.3 and 1.11.0 before 1.11.0-RC2 allow remote authenticated users to read, modify, or delete private bookmarks by leveraging the (1) edit_bookmarks or (2) destroy_bookmarks permission. | |||||
| CVE-2016-6320 | 1 Theforeman | 1 Foreman | 2023-02-12 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in app/assets/javascripts/host_edit_interfaces.js in Foreman before 1.12.2 allows remote authenticated users to inject arbitrary web script or HTML via the network interface device identifier in the host interface form. | |||||
| CVE-2016-6319 | 1 Theforeman | 1 Foreman | 2023-02-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in app/helpers/form_helper.rb in Foreman before 1.12.2, as used by Remote Execution and possibly other plugins, allows remote attackers to inject arbitrary web script or HTML via the label parameter. | |||||
| CVE-2013-4180 | 2 Redhat, Theforeman | 2 Openstack, Foreman | 2023-02-12 | 5.0 MEDIUM | N/A |
| The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of service (memory consumption) via unspecified input that is converted to a symbol. | |||||
| CVE-2013-4182 | 2 Redhat, Theforeman | 2 Openstack, Foreman | 2023-02-12 | 7.5 HIGH | N/A |
| app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request. | |||||
| CVE-2013-2113 | 2 Redhat, Theforeman | 2 Openstack, Foreman | 2023-02-12 | 6.0 MEDIUM | N/A |
| The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (2) assigning an arbitrary role. | |||||
| CVE-2013-2101 | 2 Redhat, Theforeman | 2 Satellite, Katello | 2023-02-12 | 3.5 LOW | 5.4 MEDIUM |
| Katello has multiple XSS issues in various entities | |||||
| CVE-2013-2121 | 2 Redhat, Theforeman | 2 Openstack, Foreman | 2023-02-12 | 6.0 MEDIUM | N/A |
| Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute. | |||||
| CVE-2015-5233 | 2 Redhat, Theforeman | 2 Satellite, Foreman | 2023-02-12 | 6.0 MEDIUM | 4.2 MEDIUM |
| Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply view_hosts permissions, which allows (1) remote authenticated users with the view_reports permission to read reports from arbitrary hosts or (2) remote authenticated users with the destroy_reports permission to delete reports from arbitrary hosts via direct access to the (a) individual report show/delete pages or (b) APIs. | |||||
| CVE-2015-5152 | 1 Theforeman | 1 Foreman | 2023-02-12 | 4.3 MEDIUM | 8.1 HIGH |
| Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows remote attackers to obtain user credentials via a man-in-the-middle attack. | |||||
| CVE-2015-3235 | 1 Theforeman | 1 Foreman | 2023-02-12 | 6.0 MEDIUM | N/A |
| Foreman before 1.9.0 allows remote authenticated users with the edit_users permission to edit administrator users and change their passwords via unspecified vectors. | |||||
| CVE-2015-3155 | 1 Theforeman | 1 Foreman | 2023-02-12 | 5.0 MEDIUM | N/A |
| Foreman before 1.8.1 does not set the secure flag for the _session_id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | |||||
| CVE-2014-3691 | 2 Redhat, Theforeman | 2 Openstack, Foreman | 2023-02-12 | 7.5 HIGH | N/A |
| Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does not validate SSL certificates, which allows remote attackers to bypass intended authentication and execute arbitrary API requests via a request without a certificate. | |||||
| CVE-2014-3531 | 1 Theforeman | 1 Foreman | 2023-02-12 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Foreman before 1.5.2 allow remote authenticated users to inject arbitrary web script or HTML via the operating system (1) name or (2) description. | |||||
| CVE-2014-0208 | 1 Theforeman | 1 Foreman | 2023-02-12 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the search auto-completion functionality in Foreman before 1.4.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted key name. | |||||
| CVE-2014-0192 | 1 Theforeman | 1 Foreman | 2023-02-12 | 5.0 MEDIUM | N/A |
| Foreman 1.4.0 before 1.5.0 does not properly restrict access to provisioning template previews, which allows remote attackers to obtain sensitive information via the hostname parameter, related to "spoof." | |||||
| CVE-2014-0089 | 1 Theforeman | 1 Foreman | 2023-02-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in app/views/common/500.html.erb in Foreman 1.4.x before 1.4.2 allows remote authenticated users to inject arbitrary web script or HTML via the bookmark name when adding a bookmark. | |||||
| CVE-2014-0091 | 1 Theforeman | 1 Foreman | 2023-02-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Foreman has improper input validation which could lead to partial Denial of Service | |||||