Vulnerabilities > Theforeman
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-10 | CVE-2016-7077 | Information Exposure vulnerability in Theforeman Foreman foreman before 1.14.0 is vulnerable to an information leak. | 4.3 |
| 2018-08-22 | CVE-2017-2662 | Missing Authorization vulnerability in Theforeman Katello 3.4.5 A flaw was found in Foreman's katello plugin version 3.4.5. | 4.3 |
| 2018-08-01 | CVE-2016-8639 | Cross-site Scripting vulnerability in multiple products It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. | 5.4 |
| 2018-08-01 | CVE-2016-8634 | Cross-site Scripting vulnerability in Theforeman Foreman 1.14.0 A vulnerability was found in foreman 1.14.0. | 5.4 |
| 2018-07-31 | CVE-2016-8613 | Cross-site Scripting vulnerability in Theforeman Foreman 1.5.1 A flaw was found in foreman 1.5.1. | 6.1 |
| 2018-07-27 | CVE-2016-9595 | Link Following vulnerability in multiple products A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. | 5.5 |
| 2018-07-26 | CVE-2017-7535 | Cross-site Scripting vulnerability in Theforeman Foreman foreman before version 1.16.0 is vulnerable to a stored XSS in organizations/locations assignment to hosts. | 4.3 |
| 2018-06-21 | CVE-2017-2672 | Improper Privilege Management vulnerability in multiple products A flaw was found in foreman before version 1.15 in the logging of adding and registering images. | 4.0 |
| 2018-04-16 | CVE-2016-9593 | Credentials Management vulnerability in multiple products foreman-debug before version 1.15.0 is vulnerable to a flaw in foreman-debug's logging. | 8.8 |
| 2018-04-05 | CVE-2018-1096 | SQL Injection vulnerability in multiple products An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1. | 4.0 |