Vulnerabilities > Theforeman
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-12-10 | CVE-2013-4120 | Resource Exhaustion vulnerability in Theforeman Katello. Katello has a Denial of Service vulnerability in API OAuth authentication | 7.5 |
2019-12-05 | CVE-2013-0283 | Cross-site Scripting vulnerability in Theforeman Katello. Katello: Username in Notification page has cross site scripting | 5.4 |
2019-12-03 | CVE-2013-2101 | Cross-site Scripting vulnerability in multiple products. Katello has multiple XSS issues in various entities | 5.4 |
2019-11-25 | CVE-2019-14825 | Unspecified vulnerability in Theforeman Katello. A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.0.9. | 2.7 |
2019-08-01 | CVE-2014-8183 | It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. | 7.4 |
2019-07-31 | CVE-2019-10198 | Missing Authentication for Critical Function vulnerability in multiple products. An authentication bypass vulnerability was discovered in foreman-tasks before 0.15.7. | 6.5 |
2019-04-09 | CVE-2019-3893 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products. In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. | 4.9 |
2019-01-13 | CVE-2018-16887 | Cross-site Scripting vulnerability in multiple products. A cross-site scripting (XSS) flaw was found in the katello component of Satellite. | 5.4 |
2018-12-14 | CVE-2018-14623 | Unspecified vulnerability in Theforeman Katello. A SQL injection flaw was found in katello's errata-related API. | 4.3 |
2018-12-07 | CVE-2018-16861 | Cross-site Scripting vulnerability in Theforeman Foreman. A cross-site scripting (XSS) flaw was found in the foreman component of satellite. | 4.8 |