Vulnerabilities > Theforeman
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-12 | CVE-2018-14664 | Cross-site Scripting vulnerability in Theforeman Foreman 1.18.0 A flaw was found in foreman from versions 1.18. | 5.4 |
| 2018-09-21 | CVE-2018-14643 | DEPRECATED: Authentication Bypass Issues vulnerability in Theforeman Foreman An authentication bypass flaw was found in the smart_proxy_dynflow component used by Foreman. | 9.8 |
| 2018-09-10 | CVE-2016-7078 | Information Exposure vulnerability in Theforeman Foreman 1.15.0 foreman before version 1.15.0 is vulnerable to an information leak through organizations and locations feature. | 4.3 |
| 2018-09-10 | CVE-2016-7077 | Information Exposure vulnerability in Theforeman Foreman foreman before 1.14.0 is vulnerable to an information leak. | 4.3 |
| 2018-08-22 | CVE-2017-2662 | Missing Authorization vulnerability in Theforeman Katello 3.4.5 A flaw was found in Foreman's katello plugin version 3.4.5. | 4.3 |
| 2018-08-01 | CVE-2016-8639 | Cross-site Scripting vulnerability in multiple products It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. | 5.4 |
| 2018-08-01 | CVE-2016-8634 | Cross-site Scripting vulnerability in Theforeman Foreman 1.14.0 A vulnerability was found in foreman 1.14.0. | 5.4 |
| 2018-07-31 | CVE-2016-8613 | Cross-site Scripting vulnerability in Theforeman Foreman 1.5.1 A flaw was found in foreman 1.5.1. | 6.1 |
| 2018-07-27 | CVE-2016-9595 | Link Following vulnerability in multiple products A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. | 5.5 |
| 2018-07-26 | CVE-2017-7535 | Cross-site Scripting vulnerability in Theforeman Foreman foreman before version 1.16.0 is vulnerable to a stored XSS in organizations/locations assignment to hosts. | 6.1 |