Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
theforeman vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2021-3469
Foreman versions prior to 2.3.4 and prior to 2.4.0 is affected by an improper authorization handling flaw. An authenticated attacker can impersonate the foreman-proxy if product enable the Puppet Certificate authority (CA) to sign certificate requests that have subject alternativ...
Theforeman Foreman
445
VMScore
CVE-2015-1816
Forman prior to 1.7.4 does not verify SSL certificates for LDAP connections, which allows man-in-the-middle malicious users to spoof LDAP servers via a crafted certificate.
Theforeman Foreman
409
VMScore
CVE-2021-20259
A flaw was found in the Foreman project. The Proxmox compute resource exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availabi...
Theforeman Foremanfogproxmox
312
VMScore
CVE-2014-0208
Cross-site scripting (XSS) vulnerability in the search auto-completion functionality in Foreman prior to 1.4.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted key name.
Theforeman Foreman
312
VMScore
CVE-2013-0283
Katello: Username in Notification page has cross site scripting
Theforeman Katello -
445
VMScore
CVE-2013-0173
Foreman prior to 1.1 uses a salt of "foreman" to hash root passwords, which makes it easier for malicious users to guess the password via a brute force attack.
Theforeman Foreman
445
VMScore
CVE-2014-0091
Foreman has improper input validation which could lead to partial Denial of Service
Theforeman Foreman -
605
VMScore
CVE-2015-5246
The LDAP Authentication functionality in Foreman might allow remote attackers with knowledge of old passwords to gain access via vectors involving the password lifetime period in Active Directory.
Theforeman Foreman 1.9.0
312
VMScore
CVE-2018-14664
A flaw was found in foreman from versions 1.18. A stored cross-site scripting vulnerability exists due to an improperly escaped HTML code in the breadcrumbs bar. This allows a user with permissions to edit which attribute is used in the breadcrumbs bar to store code that will be ...
Theforeman Foreman 1.18.0
356
VMScore
CVE-2016-7078
foreman before version 1.15.0 is vulnerable to an information leak through organizations and locations feature. When a user is assigned _no_ organizations/locations, they are able to view all resources instead of none (mirroring an administrator's view). The user's acti...
Theforeman Foreman 1.15.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »