Vulnerabilities > Theforeman > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-07-31 | CVE-2019-10198 | Improper Authentication vulnerability in Theforeman Foreman-Tasks: An authentication bypass vulnerability was discovered in foreman-tasks before 0.15.7. | 4.0 |
2019-04-09 | CVE-2019-3893 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products: In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. | 4.9 |
2018-12-14 | CVE-2018-14623 | Information Exposure Through an Error Message vulnerability in Theforeman Katello: A SQL injection flaw was found in katello's errata-related API. | 4.3 |
2018-09-10 | CVE-2016-7078 | Information Exposure vulnerability in Theforeman Foreman 1.15.0: foreman before version 1.15.0 is vulnerable to an information leak through organizations and locations feature. | 4.3 |
2018-09-10 | CVE-2016-7077 | Information Exposure vulnerability in Theforeman Foreman: foreman before 1.14.0 is vulnerable to an information leak. | 4.3 |
2018-08-22 | CVE-2017-2662 | Missing Authorization vulnerability in Theforeman Katello 3.4.5: A flaw was found in Foreman's katello plugin version 3.4.5. | 4.3 |
2018-08-01 | CVE-2016-8639 | Cross-site Scripting vulnerability in multiple products: It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. | 5.4 |
2018-08-01 | CVE-2016-8634 | Cross-site Scripting vulnerability in Theforeman Foreman 1.14.0: A vulnerability was found in foreman 1.14.0. | 5.4 |
2018-07-31 | CVE-2016-8613 | Cross-site Scripting vulnerability in Theforeman Foreman 1.5.1: A flaw was found in foreman 1.5.1. | 6.1 |
2018-07-27 | CVE-2016-9595 | Link Following vulnerability in multiple products: A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. | 5.5 |