Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
theforeman foreman vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2016-8639
It was found that foreman prior to 1.13.0 is vulnerable to a stored XSS via an organization or location name. This could allow an attacker with privileges to set the organization or location name to display arbitrary HTML including scripting code within the web interface.
Theforeman Foreman
Redhat Satellite 6.3
Redhat Satellite Capsule 6.3
3.5
CVSSv2
CVE-2014-3531
Multiple cross-site scripting (XSS) vulnerabilities in Foreman prior to 1.5.2 allow remote authenticated users to inject arbitrary web script or HTML via the operating system (1) name or (2) description.
Theforeman Foreman
3.5
CVSSv2
CVE-2014-0208
Cross-site scripting (XSS) vulnerability in the search auto-completion functionality in Foreman prior to 1.4.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted key name.
Theforeman Foreman
1.9
CVSSv2
CVE-2014-0135
Kafo prior to 0.3.17 and 0.4.x prior to 0.5.2, as used by Foreman, uses world-readable permissions for default_values.yaml, which allows local users to obtain passwords and other sensitive information by reading the file.
Theforeman Kafo 0.5.1
Theforeman Kafo 0.3.11
Theforeman Kafo 0.3.9
Theforeman Kafo 0.3.4
Theforeman Kafo 0.3.2
Theforeman Kafo 0.0.17
Theforeman Kafo 0.0.15
Theforeman Kafo 0.0.8
Theforeman Kafo 0.0.6
Theforeman Kafo 0.0.1
Theforeman Kafo
Theforeman Kafo 0.3.15
Theforeman Kafo 0.3.14
Theforeman Kafo 0.3.13
Theforeman Kafo 0.3.0
Theforeman Kafo 0.2.2
Theforeman Kafo 0.2.1
Theforeman Kafo 0.2.0
Theforeman Kafo 0.1.0
Theforeman Kafo 0.0.5
Theforeman Kafo 0.0.4
Theforeman Kafo 0.0.3
NA
CVE-2023-4886
A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable.
Theforeman Foreman
Redhat Satellite 6.0
NA
CVE-2022-3874
A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underly...
Redhat Satellite 6.0
Theforeman Foreman -
NA
CVE-2023-0118
An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system.
Theforeman Foreman
Redhat Satellite
NA
CVE-2023-0462
An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload.
Theforeman Foreman
Redhat Satellite
NA
CVE-2021-20260
A flaw was found in the Foreman project. The Datacenter plugin exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Theforeman Foreman
NA
CVE-2021-3590
A flaw was found in Foreman project. A credential leak was identified which will expose Azure Compute Profile password through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Theforeman Foreman
Redhat Satellite 6.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »