Vulnerabilities > Theforeman > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-11 | CVE-2014-0091 | Improper Input Validation vulnerability in Theforeman Foreman Foreman has improper input validation which could lead to partial Denial of Service | 5.3 |
| 2019-12-05 | CVE-2013-0283 | Cross-site Scripting vulnerability in Theforeman Katello Katello: Username in Notification page has cross site scripting | 5.4 |
| 2019-12-03 | CVE-2013-2101 | Cross-site Scripting vulnerability in multiple products Katello has multiple XSS issues in various entities | 5.4 |
| 2019-07-31 | CVE-2019-10198 | Missing Authentication for Critical Function vulnerability in multiple products An authentication bypass vulnerability was discovered in foreman-tasks before 0.15.7. | 6.5 |
| 2019-04-09 | CVE-2019-3893 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. | 4.9 |
| 2019-01-13 | CVE-2018-16887 | Cross-site Scripting vulnerability in multiple products A cross-site scripting (XSS) flaw was found in the katello component of Satellite. | 5.4 |
| 2018-12-14 | CVE-2018-14623 | Unspecified vulnerability in Theforeman Katello A SQL injection flaw was found in katello's errata-related API. | 4.3 |
| 2018-12-07 | CVE-2018-16861 | Cross-site Scripting vulnerability in Theforeman Foreman A cross-site scripting (XSS) flaw was found in the foreman component of satellite. | 4.8 |
| 2018-10-12 | CVE-2018-14664 | Cross-site Scripting vulnerability in Theforeman Foreman 1.18.0 A flaw was found in foreman from versions 1.18. | 5.4 |
| 2018-09-10 | CVE-2016-7078 | Information Exposure vulnerability in Theforeman Foreman 1.15.0 foreman before version 1.15.0 is vulnerable to an information leak through organizations and locations feature. | 4.3 |