Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
theforeman foreman 1.4.4 vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2014-0192
Foreman 1.4.0 prior to 1.5.0 does not properly restrict access to provisioning template previews, which allows remote malicious users to obtain sensitive information via the hostname parameter, related to "spoof."
Theforeman Foreman 1.4.1
Theforeman Foreman 1.4.3
Theforeman Foreman 1.4.2
Theforeman Foreman 1.4.0
Theforeman Foreman 1.4.4
383
VMScore
CVE-2015-5152
Foreman after 1.1 and prior to 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows remote malicious users to obtain user credentials via a man-in-the-middle attack.
Theforeman Foreman 1.4.1
Theforeman Foreman 1.3.0
Theforeman Foreman 1.4.3
Theforeman Foreman 1.2.2
Theforeman Foreman 1.4.0
Theforeman Foreman 1.2.1
Theforeman Foreman 1.8.0
Theforeman Foreman 1.7.4
Theforeman Foreman 1.7.5
Theforeman Foreman 1.7.0
Theforeman Foreman 1.4.2
Theforeman Foreman 1.8.1
Theforeman Foreman 1.5.0
Theforeman Foreman 1.2.0
Theforeman Foreman 1.5.2
Theforeman Foreman 1.5.3
Theforeman Foreman 1.2.3
Theforeman Foreman 1.1-1
Theforeman Foreman 1.6.0
Theforeman Foreman 1.8.3
Theforeman Foreman 1.7.1
Theforeman Foreman 1.5.1
312
VMScore
CVE-2014-0208
Cross-site scripting (XSS) vulnerability in the search auto-completion functionality in Foreman prior to 1.4.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted key name.
Theforeman Foreman
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
administrator privileges
CVE-2024-1579
hardcoded
CVE-2023-20198
CVE-2024-33587
CVE-2024-33449
CVE-2024-4308
HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started