Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
theforeman vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2014-0192
Foreman 1.4.0 prior to 1.5.0 does not properly restrict access to provisioning template previews, which allows remote malicious users to obtain sensitive information via the hostname parameter, related to "spoof."
Theforeman Foreman 1.4.1
Theforeman Foreman 1.4.3
Theforeman Foreman 1.4.2
Theforeman Foreman 1.4.0
Theforeman Foreman 1.4.4
312
VMScore
CVE-2018-16861
A cross-site scripting (XSS) flaw was found in the foreman component of satellite. An attacker with privilege to create entries using the Hosts, Monitor, Infrastructure, or Administer Menus is able to execute a XSS attacks against other users, possibly leading to malicious code e...
Theforeman Foreman
Theforeman Foreman 1.20.0
578
VMScore
CVE-2016-2100
Foreman prior to 1.10.3 and 1.11.0 prior to 1.11.0-RC2 allow remote authenticated users to read, modify, or delete private bookmarks by leveraging the (1) edit_bookmarks or (2) destroy_bookmarks permission.
Theforeman Foreman
Theforeman Foreman 1.11.0
383
VMScore
CVE-2014-0089
Cross-site scripting (XSS) vulnerability in app/views/common/500.html.erb in Foreman 1.4.x prior to 1.4.2 allows remote authenticated users to inject arbitrary web script or HTML via the bookmark name when adding a bookmark.
Theforeman Foreman 1.4.1
Theforeman Foreman 1.4.0
605
VMScore
CVE-2013-2121
Eval injection vulnerability in the create method in the Bookmarks controller in Foreman prior to 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute.
Theforeman Foreman
Redhat Openstack 3.0
Theforeman Foreman 1.1
1 EDB exploit
801
VMScore
CVE-2021-3584
A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity a...
Theforeman Foreman
Theforeman Foreman 3.0.0
Redhat Satellite 6.0
605
VMScore
CVE-2013-2113
The create method in app/controllers/users_controller.rb in Foreman prior to 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (2) assigning an arbitrary role.
Theforeman Foreman
Redhat Openstack 3.0
Theforeman Foreman 1.1
1 EDB exploit
320
VMScore
CVE-2021-20290
An improper authorization handling flaw was found in Foreman. The OpenSCAP plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local malicious user to access and delete limited resour...
Theforeman Openscap
668
VMScore
CVE-2013-0171
Foreman prior to 1.1 allows remote malicious users to execute arbitrary code via a crafted YAML object to the (1) fact or (2) report import API.
Theforeman Foreman
445
VMScore
CVE-2013-0174
The external node classifier (ENC) API in Foreman prior to 1.1 allows remote malicious users to obtain the hashed root password via an API request.
Theforeman Foreman
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »