Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
theforeman vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2012-5648
Multiple SQL injection vulnerabilities in Foreman prior to 1.0.2 allow remote malicious users to execute arbitrary SQL commands via unspecified parameters to (1) app/models/hostext/search.rb or (2) app/models/puppetclass.rb, related to the search mechanism.
Theforeman Foreman 0.2
Theforeman Foreman 0.4.1
Theforeman Foreman 0.3
Theforeman Foreman
Theforeman Foreman 0.1
Theforeman Foreman 0.4
4.3
CVSSv2
CVE-2014-0089
Cross-site scripting (XSS) vulnerability in app/views/common/500.html.erb in Foreman 1.4.x prior to 1.4.2 allows remote authenticated users to inject arbitrary web script or HTML via the bookmark name when adding a bookmark.
Theforeman Foreman 1.4.1
Theforeman Foreman 1.4.0
6
CVSSv2
CVE-2013-2113
The create method in app/controllers/users_controller.rb in Foreman prior to 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (2) assigning an arbitrary role.
Theforeman Foreman
Redhat Openstack 3.0
Theforeman Foreman 1.1
1 EDB exploit
6
CVSSv2
CVE-2013-2121
Eval injection vulnerability in the create method in the Bookmarks controller in Foreman prior to 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute.
Theforeman Foreman
Redhat Openstack 3.0
Theforeman Foreman 1.1
1 EDB exploit
6.5
CVSSv2
CVE-2012-3503
The installation script in Katello 1.0 and previous versions does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote malicious users to authenticate to the CloudForms System Engi...
Theforeman Katello
Redhat Enterprise Linux Server 6.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27802
template injection
CVE-2024-0044
code injection
CVE-2024-35474
CVE-2024-27857
CVE-2024-23251
CVE-2024-23692
physical
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7