Vulnerabilities > Theforeman

DATE CVE VULNERABILITY TITLE RISK
2021-06-07 CVE-2021-20259 Information Exposure vulnerability in Theforeman Foremanfogproxmox
A flaw was found in the Foreman project.
local
low complexity
theforeman CWE-200
4.6
2021-06-03 CVE-2021-3469 Incorrect Authorization vulnerability in Theforeman Foreman
Foreman versions before 2.3.4 and before 2.4.0 is affected by an improper authorization handling flaw.
3.5
2021-05-27 CVE-2020-10716 Improper Authorization vulnerability in multiple products
A flaw was found in Red Hat Satellite's Job Invocation, where the "User Input" entry was not properly restricted to the view.
network
low complexity
redhat theforeman CWE-285
4.0
2021-05-12 CVE-2021-3457 Incorrect Authorization vulnerability in Theforeman Smart Proxy Shell Hooks
An improper authorization handling flaw was found in Foreman.
local
low complexity
theforeman CWE-863
3.6
2021-04-26 CVE-2021-3494 Cleartext Transmission of Sensitive Information vulnerability in Theforeman Foreman
A smart proxy that provides a restful API to various sub-systems of the Foreman is affected by the flaw which can cause a Man-in-the-Middle attack.
4.3
2021-04-08 CVE-2021-3413 Information Exposure vulnerability in multiple products
A flaw was found in Red Hat Satellite in tfm-rubygem-foreman_azure_rm in versions before 2.2.0.
network
low complexity
theforeman redhat CWE-200
6.5
2019-12-13 CVE-2014-0241 Insufficiently Protected Credentials vulnerability in multiple products
rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable
local
low complexity
theforeman redhat CWE-522
2.1
2019-12-11 CVE-2014-0091 Improper Input Validation vulnerability in Theforeman Foreman
Foreman has improper input validation which could lead to partial Denial of Service
network
low complexity
theforeman CWE-20
5.0
2019-12-10 CVE-2013-4120 Resource Exhaustion vulnerability in Theforeman Katello
Katello has a Denial of Service vulnerability in API OAuth authentication
network
low complexity
theforeman CWE-400
5.0
2019-12-05 CVE-2013-0283 Cross-Site Scripting vulnerability in Theforeman Katello
Katello: Username in Notification page has cross site scripting
network
theforeman CWE-79
3.5