Vulnerabilities > Theforeman > Foreman > 1.15.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-03 | CVE-2023-4886 | A sensitive information exposure vulnerability was found in Foreman. | 4.4 |
2023-09-20 | CVE-2023-0462 | Code Injection vulnerability in multiple products. An arbitrary code execution flaw was found in Foreman. | 9.1 |
2022-08-16 | CVE-2020-10710 | Insufficiently Protected Credentials vulnerability in Theforeman Foreman. A flaw was found where the plaintext Candlepin password is disclosed while updating Red Hat Satellite through the satellite-installer. | 4.4 |
2021-12-23 | CVE-2021-3584 | OS Command Injection vulnerability in multiple products. A server-side remote code execution vulnerability was found in the Foreman project. | 9.0 |
2021-06-03 | CVE-2021-3469 | Incorrect Authorization vulnerability in Theforeman Foreman. Foreman versions before 2.3.4 and before 2.4.0 are affected by an improper authorization handling flaw. | 3.5 |
2021-04-26 | CVE-2021-3494 | Cleartext Transmission of Sensitive Information vulnerability in Theforeman Foreman. A smart proxy that provides a RESTful API to various sub-systems of Foreman is affected by a flaw which can cause a Man-in-the-Middle attack. | 4.3 |
2019-08-01 | CVE-2014-8183 | Improper Access Control vulnerability in multiple products. It was found that Foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. | 7.4 |
2018-12-07 | CVE-2018-16861 | Cross-site Scripting vulnerability in Theforeman Foreman. A cross-site scripting (XSS) flaw was found in the Foreman component of Satellite. | 3.5 |
2018-07-26 | CVE-2017-7535 | Cross-site Scripting vulnerability in Theforeman Foreman. Foreman before version 1.16.0 is vulnerable to a stored XSS in organizations/locations assignment to hosts. | 4.3 |
2018-04-05 | CVE-2018-1096 | SQL Injection vulnerability in multiple products. An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1. | 4.0 |