Vulnerabilities > Theforeman

DATE CVE VULNERABILITY TITLE RISK
2019-12-10 CVE-2013-4120 Resource Exhaustion vulnerability in Theforeman Katello
Katello has a Denial of Service vulnerability in API OAuth authentication
network
low complexity
theforeman CWE-400
7.5
2019-12-05 CVE-2013-0283 Cross-site Scripting vulnerability in Theforeman Katello
Katello: Username in Notification page has cross site scripting
network
low complexity
theforeman CWE-79
5.4
2019-12-03 CVE-2013-2101 Cross-site Scripting vulnerability in multiple products
Katello has multiple XSS issues in various entities
network
low complexity
theforeman redhat CWE-79
5.4
2019-11-25 CVE-2019-14825 Unspecified vulnerability in Theforeman Katello
A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.0.9.
network
low complexity
theforeman
2.7
2019-08-01 CVE-2014-8183 It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources.
network
low complexity
theforeman redhat
7.4
2019-07-31 CVE-2019-10198 Missing Authentication for Critical Function vulnerability in multiple products
An authentication bypass vulnerability was discovered in foreman-tasks before 0.15.7.
network
low complexity
theforeman redhat CWE-306
6.5
2019-04-09 CVE-2019-3893 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource.
network
low complexity
theforeman redhat CWE-732
4.9
2019-01-13 CVE-2018-16887 Cross-site Scripting vulnerability in multiple products
A cross-site scripting (XSS) flaw was found in the katello component of Satellite.
network
low complexity
redhat theforeman CWE-79
5.4
2018-12-14 CVE-2018-14623 Unspecified vulnerability in Theforeman Katello
A SQL injection flaw was found in katello's errata-related API.
network
low complexity
theforeman
4.3
2018-12-07 CVE-2018-16861 Cross-site Scripting vulnerability in Theforeman Foreman
A cross-site scripting (XSS) flaw was found in the foreman component of satellite.
network
low complexity
theforeman CWE-79
4.8