Vulnerabilities > Theforeman > Foreman > 0.4.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-05-08 | CVE-2013-0173 | Cryptographic Issues vulnerability in Theforeman Foreman Foreman before 1.1 uses a salt of "foreman" to hash root passwords, which makes it easier for attackers to guess the password via a brute force attack. | 5.0 |
| 2014-05-08 | CVE-2013-0171 | Code Injection vulnerability in Theforeman Foreman Foreman before 1.1 allows remote attackers to execute arbitrary code via a crafted YAML object to the (1) fact or (2) report import API. | 7.5 |
| 2014-05-08 | CVE-2012-5477 | Permissions, Privileges, and Access Controls vulnerability in Theforeman Foreman The smart proxy in Foreman before 1.1 uses a umask set to 0, which allows local users to modify files created by the daemon via unspecified vectors. | 3.6 |
| 2014-04-04 | CVE-2012-5648 | SQL Injection vulnerability in Theforeman Foreman Multiple SQL injection vulnerabilities in Foreman before 1.0.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) app/models/hostext/search.rb or (2) app/models/puppetclass.rb, related to the search mechanism. | 7.5 |