Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
theforeman vulnerabilities and exploits
(subscribe to this query)
801
VMScore
CVE-2021-3584
A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity a...
Theforeman Foreman
Theforeman Foreman 3.0.0
Redhat Satellite 6.0
409
VMScore
CVE-2021-20259
A flaw was found in the Foreman project. The Proxmox compute resource exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availabi...
Theforeman Foremanfogproxmox
312
VMScore
CVE-2021-3469
Foreman versions prior to 2.3.4 and prior to 2.4.0 is affected by an improper authorization handling flaw. An authenticated attacker can impersonate the foreman-proxy if product enable the Puppet Certificate authority (CA) to sign certificate requests that have subject alternativ...
Theforeman Foreman
356
VMScore
CVE-2020-10716
A flaw was found in Red Hat Satellite's Job Invocation, where the "User Input" entry was not properly restricted to the view. This flaw allows a malicious Satellite user to scan through the Job Invocation, with the ability to search for passwords and other sensitiv...
Redhat Satellite Capsule 6.7
Redhat Satellite 6.7
Theforeman Foreman Ansible
187
VMScore
CVE-2014-0241
rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable
Theforeman Hammer Cli -
Redhat Satellite 6.0
445
VMScore
CVE-2014-0091
Foreman has improper input validation which could lead to partial Denial of Service
Theforeman Foreman -
445
VMScore
CVE-2013-4120
Katello has a Denial of Service vulnerability in API OAuth authentication
Theforeman Katello -
312
VMScore
CVE-2013-0283
Katello: Username in Notification page has cross site scripting
Theforeman Katello -
312
VMScore
CVE-2013-2101
Katello has multiple XSS issues in various entities
Theforeman Katello -
Redhat Satellite 6.0
356
VMScore
CVE-2019-14825
A cleartext password storage issue exists in Katello, versions 3.x.x.x before katello 3.12.0.9. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credentials to other privileged users.
Theforeman Katello
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »