Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
theforeman foreman vulnerabilities and exploits
(subscribe to this query)
4.4
CVSSv3
CVE-2023-4886
A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable.
Theforeman Foreman
Redhat Satellite 6.0
4.4
CVSSv3
CVE-2020-10710
A flaw was found where the Plaintext Candlepin password is disclosed while updating Red Hat Satellite through the satellite-installer. This flaw allows an attacker with sufficiently high privileges, such as root, to retrieve the Candlepin plaintext password.
Theforeman Foreman
4.3
CVSSv3
CVE-2016-7077
foreman prior to 1.14.0 is vulnerable to an information leak. It was found that Foreman form helper does not authorize options for associated objects. Unauthorized user can see names of such objects if their count is less than 6.
Theforeman Foreman
4.3
CVSSv3
CVE-2016-7078
foreman before version 1.15.0 is vulnerable to an information leak through organizations and locations feature. When a user is assigned _no_ organizations/locations, they are able to view all resources instead of none (mirroring an administrator's view). The user's acti...
Theforeman Foreman 1.15.0
NA
CVE-2015-1816
Forman prior to 1.7.4 does not verify SSL certificates for LDAP connections, which allows man-in-the-middle malicious users to spoof LDAP servers via a crafted certificate.
Theforeman Foreman
NA
CVE-2014-3491
Cross-site scripting (XSS) vulnerability in Foreman prior to 1.4.5 and 1.5.x prior to 1.5.1 allows remote malicious users to inject arbitrary web script or HTML via the Name field to the New Host groups page, related to create, update, and destroy notification boxes.
Theforeman Foreman 1.4.1
Theforeman Foreman 1.4.0
Theforeman Foreman 1.5.0
Theforeman Foreman 1.4.3
Theforeman Foreman
Theforeman Foreman 1.4.2
NA
CVE-2014-3492
Multiple cross-site scripting (XSS) vulnerabilities in the host YAML view in Foreman prior to 1.4.5 and 1.5.x prior to 1.5.1 allow remote malicious users to inject arbitrary web script or HTML via a parameter (1) name or (2) value related to the host.
Theforeman Foreman 1.4.0
Theforeman Foreman 1.5.0
Theforeman Foreman 1.4.3
Theforeman Foreman 1.4.1
Theforeman Foreman
Theforeman Foreman 1.4.2
NA
CVE-2014-4507
Directory traversal vulnerability in Smart-Proxy in Foreman prior to 1.4.5 and 1.5.x prior to 1.5.1 allows remote malicious users to overwrite arbitrary files via a .. (dot dot) in the dst parameter to tftp/fetch_boot_file.
Theforeman Foreman 1.5.0
Theforeman Foreman
Theforeman Foreman 1.4.3
Theforeman Foreman 1.4.1
Theforeman Foreman 1.4.2
Theforeman Foreman 1.4.0
NA
CVE-2014-0135
Kafo prior to 0.3.17 and 0.4.x prior to 0.5.2, as used by Foreman, uses world-readable permissions for default_values.yaml, which allows local users to obtain passwords and other sensitive information by reading the file.
Theforeman Kafo 0.5.1
Theforeman Kafo 0.3.11
Theforeman Kafo 0.3.9
Theforeman Kafo 0.3.4
Theforeman Kafo 0.3.2
Theforeman Kafo 0.0.17
Theforeman Kafo 0.0.15
Theforeman Kafo 0.0.8
Theforeman Kafo 0.0.6
Theforeman Kafo 0.0.1
Theforeman Kafo
Theforeman Kafo 0.3.15
Theforeman Kafo 0.3.14
Theforeman Kafo 0.3.13
Theforeman Kafo 0.3.0
Theforeman Kafo 0.2.2
Theforeman Kafo 0.2.1
Theforeman Kafo 0.2.0
Theforeman Kafo 0.1.0
Theforeman Kafo 0.0.5
Theforeman Kafo 0.0.4
Theforeman Kafo 0.0.3
NA
CVE-2014-0192
Foreman 1.4.0 prior to 1.5.0 does not properly restrict access to provisioning template previews, which allows remote malicious users to obtain sensitive information via the hostname parameter, related to "spoof."
Theforeman Foreman 1.4.1
Theforeman Foreman 1.4.3
Theforeman Foreman 1.4.2
Theforeman Foreman 1.4.0
Theforeman Foreman 1.4.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »