Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
theforeman vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2013-0283
Katello: Username in Notification page has cross site scripting
Theforeman Katello -
NA
CVE-2012-5477
The smart proxy in Foreman prior to 1.1 uses a umask set to 0, which allows local users to modify files created by the daemon via unspecified vectors.
Theforeman Foreman
6.1
CVSSv3
CVE-2021-20290
An improper authorization handling flaw was found in Foreman. The OpenSCAP plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local malicious user to access and delete limited resour...
Theforeman Openscap
5.4
CVSSv3
CVE-2014-3531
Multiple cross-site scripting (XSS) vulnerabilities in Foreman prior to 1.5.2 allow remote authenticated users to inject arbitrary web script or HTML via the operating system (1) name or (2) description.
Theforeman Foreman
5.3
CVSSv3
CVE-2014-0091
Foreman has improper input validation which could lead to partial Denial of Service
Theforeman Foreman -
7.8
CVSSv3
CVE-2021-20259
A flaw was found in the Foreman project. The Proxmox compute resource exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availabi...
Theforeman Foremanfogproxmox
7.8
CVSSv3
CVE-2021-20260
A flaw was found in the Foreman project. The Datacenter plugin exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Theforeman Foreman
4.3
CVSSv3
CVE-2018-14623
A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This is issue is related to an incomplete fix for CVE-2016-3072. Versio...
Theforeman Katello
2.7
CVSSv3
CVE-2019-14825
A cleartext password storage issue exists in Katello, versions 3.x.x.x before katello 3.12.0.9. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credentials to other privileged users.
Theforeman Katello
5.4
CVSSv3
CVE-2014-0208
Cross-site scripting (XSS) vulnerability in the search auto-completion functionality in Foreman prior to 1.4.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted key name.
Theforeman Foreman
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028
CVE-2024-32406
CVE-2024-25624
IMAP
CVE-2024-2310
CVE-2024-0874
CVE-2024-20359
XXE
remote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »