Vulnerabilities > Theforeman

DATE CVE VULNERABILITY TITLE RISK
2018-06-21 CVE-2017-2672 Improper Privilege Management vulnerability in multiple products
A flaw was found in foreman before version 1.15 in the logging of adding and registering images.
network
low complexity
theforeman redhat CWE-269
8.8
2018-04-16 CVE-2016-9593 Credentials Management vulnerability in multiple products
foreman-debug before version 1.15.0 is vulnerable to a flaw in foreman-debug's logging.
network
low complexity
theforeman redhat CWE-255
8.8
2018-04-05 CVE-2018-1096 SQL Injection vulnerability in multiple products
An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1.
network
low complexity
theforeman redhat CWE-89
6.5
2018-04-04 CVE-2018-1097 A flaw was found in foreman before 1.16.1.
network
low complexity
theforeman redhat
8.8
2018-03-12 CVE-2017-2667 Improper Certificate Validation vulnerability in multiple products
Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default.
network
high complexity
theforeman redhat CWE-295
8.1
2017-11-27 CVE-2017-15100 An attacker submitting facts to the Foreman server containing HTML can cause a stored XSS on certain pages: (1) Facts page, when clicking on the "chart" button and hovering over the chart; (2) Trends page, when checking the graph for a trend based on a such fact; (3) Statistics page, for facts that are aggregated on this page.
network
low complexity
theforeman redhat
6.1
2017-10-18 CVE-2014-3531 Cross-site Scripting vulnerability in Theforeman Foreman
Multiple cross-site scripting (XSS) vulnerabilities in Foreman before 1.5.2 allow remote authenticated users to inject arbitrary web script or HTML via the operating system (1) name or (2) description.
network
low complexity
theforeman CWE-79
5.4
2017-10-16 CVE-2014-0208 Cross-site Scripting vulnerability in Theforeman Foreman
Cross-site scripting (XSS) vulnerability in the search auto-completion functionality in Foreman before 1.4.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted key name.
network
low complexity
theforeman CWE-79
5.4
2017-10-06 CVE-2015-5246 7PK - Security Features vulnerability in Theforeman Foreman 1.9.0
The LDAP Authentication functionality in Foreman might allow remote attackers with knowledge of old passwords to gain access via vectors involving the password lifetime period in Active Directory.
network
high complexity
theforeman CWE-254
8.1
2017-09-25 CVE-2015-5282 Cross-site Scripting vulnerability in Theforeman Foreman
Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after.
network
low complexity
theforeman CWE-79
6.1