Vulnerabilities > Theforeman

DATE CVE VULNERABILITY TITLE RISK
2022-03-23 CVE-2021-3589 Missing Authentication for Critical Function vulnerability in multiple products
An authorization flaw was found in Foreman Ansible.
network
high complexity
theforeman redhat CWE-306
8.0
8.0
2021-12-23 CVE-2021-3584 A server side remote code execution vulnerability was found in Foreman project.
network
low complexity
theforeman redhat
7.2
7.2
2021-06-07 CVE-2021-20259 Unspecified vulnerability in Theforeman Foremanfogproxmox
A flaw was found in the Foreman project.
local
low complexity
theforeman
7.8
7.8
2021-06-03 CVE-2021-3469 Incorrect Authorization vulnerability in Theforeman Foreman
Foreman versions before 2.3.4 and before 2.4.0 is affected by an improper authorization handling flaw.
network
low complexity
theforeman CWE-863
5.4
5.4
2021-05-27 CVE-2020-10716 A flaw was found in Red Hat Satellite's Job Invocation, where the "User Input" entry was not properly restricted to the view.
network
low complexity
redhat theforeman
6.5
6.5
2021-05-12 CVE-2021-3457 Unspecified vulnerability in Theforeman Smart Proxy Shell Hooks 0.9.0/0.9.1
An improper authorization handling flaw was found in Foreman.
local
low complexity
theforeman
6.1
6.1
2021-04-26 CVE-2021-3494 Unspecified vulnerability in Theforeman Foreman
A smart proxy that provides a restful API to various sub-systems of the Foreman is affected by the flaw which can cause a Man-in-the-Middle attack.
network
high complexity
theforeman
5.9
5.9
2021-04-08 CVE-2021-3413 A flaw was found in Red Hat Satellite in tfm-rubygem-foreman_azure_rm in versions before 2.2.0.
network
low complexity
theforeman redhat
6.3
6.3
2019-12-13 CVE-2014-0241 Insufficiently Protected Credentials vulnerability in multiple products
rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable
local
low complexity
theforeman redhat CWE-522
5.5
5.5
2019-12-11 CVE-2014-0091 Improper Input Validation vulnerability in Theforeman Foreman
Foreman has improper input validation which could lead to partial Denial of Service
network
low complexity
theforeman CWE-20
5.3
5.3