Vulnerabilities > Theforeman
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-13 | CVE-2014-0241 | Insufficiently Protected Credentials vulnerability in multiple products rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable | 2.1 |
| 2019-12-11 | CVE-2014-0091 | Improper Input Validation vulnerability in Theforeman Foreman Foreman has improper input validation which could lead to partial Denial of Service | 5.0 |
| 2019-12-10 | CVE-2013-4120 | Resource Exhaustion vulnerability in Theforeman Katello Katello has a Denial of Service vulnerability in API OAuth authentication | 5.0 |
| 2019-12-05 | CVE-2013-0283 | Cross-Site Scripting vulnerability in Theforeman Katello Katello: Username in Notification page has cross site scripting | 3.5 |
| 2019-12-03 | CVE-2013-2101 | Cross-Site Scripting vulnerability in multiple products Katello has multiple XSS issues in various entities | 3.5 |
| 2019-11-25 | CVE-2019-14825 | Cleartext Transmission of Sensitive Information vulnerability in Theforeman Katello A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.0.9. | 4.0 |
| 2019-08-01 | CVE-2014-8183 | Improper Access Control vulnerability in multiple products It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. | 6.5 |
| 2019-07-31 | CVE-2019-10198 | Improper Authentication vulnerability in Theforeman Foreman-Tasks An authentication bypass vulnerability was discovered in foreman-tasks before 0.15.7. | 4.0 |
| 2019-04-09 | CVE-2019-3893 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. | 4.0 |
| 2019-01-13 | CVE-2018-16887 | Cross-Site Scripting vulnerability in multiple products A cross-site scripting (XSS) flaw was found in the katello component of Satellite. | 3.5 |