Vulnerabilities > Theforeman > Foreman
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-09 | CVE-2019-3893 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. | 4.9 |
| 2018-12-07 | CVE-2018-16861 | Cross-site Scripting vulnerability in Theforeman Foreman A cross-site scripting (XSS) flaw was found in the foreman component of satellite. | 3.5 |
| 2018-10-12 | CVE-2018-14664 | Cross-site Scripting vulnerability in Theforeman Foreman 1.18.0 A flaw was found in foreman from versions 1.18. | 3.5 |
| 2018-09-21 | CVE-2018-14643 | DEPRECATED: Authentication Bypass Issues vulnerability in Theforeman Foreman An authentication bypass flaw was found in the smart_proxy_dynflow component used by Foreman. | 9.8 |
| 2018-09-10 | CVE-2016-7078 | Information Exposure vulnerability in Theforeman Foreman 1.15.0 foreman before version 1.15.0 is vulnerable to an information leak through organizations and locations feature. | 4.3 |
| 2018-09-10 | CVE-2016-7077 | Information Exposure vulnerability in Theforeman Foreman foreman before 1.14.0 is vulnerable to an information leak. | 4.3 |
| 2018-08-01 | CVE-2016-8639 | Cross-site Scripting vulnerability in multiple products It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. | 5.4 |
| 2018-08-01 | CVE-2016-8634 | Cross-site Scripting vulnerability in Theforeman Foreman 1.14.0 A vulnerability was found in foreman 1.14.0. | 5.4 |
| 2018-07-31 | CVE-2016-8613 | Cross-site Scripting vulnerability in Theforeman Foreman 1.5.1 A flaw was found in foreman 1.5.1. | 6.1 |
| 2018-07-26 | CVE-2017-7535 | Cross-site Scripting vulnerability in Theforeman Foreman foreman before version 1.16.0 is vulnerable to a stored XSS in organizations/locations assignment to hosts. | 4.3 |