Vulmon
theforeman foreman - vulnerabilities and exploits
VMScore: 570
CVE-2014-4507
Directory traversal vulnerability in Smart-Proxy in Foreman prior to 1.4.5 and 1.5.x prior to 1.5.1 allows remote malicious users to overwrite arbitrary files via a .. (dot dot) in the dst parameter to tftp/fetch_boot_file.
Theforeman Foreman 1.4.1
Theforeman Foreman 1.4.3
Theforeman Foreman 1.4.2
Theforeman Foreman 1.5.0
Theforeman Foreman
Theforeman Foreman 1.4.0
VMScore: 320
CVE-2012-5477
The smart proxy in Foreman prior to 1.1 uses a umask set to 0, which allows local users to modify files created by the daemon via unspecified vectors.
Theforeman Foreman
VMScore: 668
CVE-2013-0171
Foreman prior to 1.1 allows remote malicious users to execute arbitrary code via a crafted YAML object to the (1) fact or (2) report import API.
Theforeman Foreman
VMScore: 445
CVE-2013-0173
Foreman prior to 1.1 uses a salt of "foreman" to hash root passwords, which makes it easier for malicious users to guess the password via a brute force attack.
Theforeman Foreman
VMScore: 445
CVE-2013-0174
The external node classifier (ENC) API in Foreman prior to 1.1 allows remote malicious users to obtain the hashed root password via an API request.
Theforeman Foreman
VMScore: 668
CVE-2013-0210
The smart proxy Puppet run API in Foreman prior to 1.2.0 allows remote malicious users to execute arbitrary commands via vectors related to escaping and Puppet commands.
Theforeman Foreman 0.2
Theforeman Foreman 0.4.1
Theforeman Foreman 0.3
Theforeman Foreman
Theforeman Foreman 0.1
Theforeman Foreman 0.4
VMScore: 578
CVE-2013-0187
Foreman prior to 1.1 allows remote authenticated users to gain privileges via a (1) XMLHttpRequest or (2) AJAX request.
Theforeman Foreman
VMScore: 169
CVE-2014-0135
Kafo prior to 0.3.17 and 0.4.x prior to 0.5.2, as used by Foreman, uses world-readable permissions for default_values.yaml, which allows local users to obtain passwords and other sensitive information by reading the file.
Theforeman Kafo 0.0.11
Theforeman Kafo 0.3.2
Theforeman Kafo 0.0.8
Theforeman Kafo 0.3.10
Theforeman Kafo 0.2.2
Theforeman Kafo 0.3.3
Theforeman Kafo 0.0.10
Theforeman Kafo 0.3.6
Theforeman Kafo 0.0.15
Theforeman Kafo 0.0.9
Theforeman Kafo 0.0.3
Theforeman Kafo 0.3.0
Theforeman Kafo
Theforeman Kafo 0.3.11
Theforeman Kafo 0.3.15
Theforeman Kafo 0.0.17
Theforeman Kafo 0.0.16
Theforeman Kafo 0.3.13
Theforeman Kafo 0.0.6
Theforeman Kafo 0.4.0
Theforeman Kafo 0.0.2
Theforeman Kafo 0.3.8
VMScore: 445
CVE-2014-0192
Foreman 1.4.0 prior to 1.5.0 does not properly restrict access to provisioning template previews, which allows remote malicious users to obtain sensitive information via the hostname parameter, related to "spoof."
Theforeman Foreman 1.4.1
Theforeman Foreman 1.4.3
Theforeman Foreman 1.4.2
Theforeman Foreman 1.4.0
Theforeman Foreman 1.4.4
VMScore: 605
CVE-2014-0090
Session fixation vulnerability in Foreman prior to 1.4.2 allows remote malicious users to hijack web sessions via the session id cookie.
Theforeman Foreman 1.2.2
Theforeman Foreman 1.2.1
Theforeman Foreman 1.2.0
Theforeman Foreman 1.2.3
Theforeman Foreman
Theforeman Foreman 1.0
Theforeman Foreman 1.4.0
Theforeman Foreman 1.1