Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
theforeman foreman 1.4.1 vulnerabilities and exploits
(subscribe to this query)
6.4
CVSSv2
CVE-2014-4507
Directory traversal vulnerability in Smart-Proxy in Foreman prior to 1.4.5 and 1.5.x prior to 1.5.1 allows remote malicious users to overwrite arbitrary files via a .. (dot dot) in the dst parameter to tftp/fetch_boot_file.
Theforeman Foreman 1.4.1
Theforeman Foreman 1.4.3
Theforeman Foreman 1.4.2
Theforeman Foreman 1.5.0
Theforeman Foreman
Theforeman Foreman 1.4.0
5
CVSSv2
CVE-2014-0192
Foreman 1.4.0 prior to 1.5.0 does not properly restrict access to provisioning template previews, which allows remote malicious users to obtain sensitive information via the hostname parameter, related to "spoof."
Theforeman Foreman 1.4.1
Theforeman Foreman 1.4.3
Theforeman Foreman 1.4.2
Theforeman Foreman 1.4.0
Theforeman Foreman 1.4.4
4.3
CVSSv2
CVE-2015-5152
Foreman after 1.1 and prior to 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows remote malicious users to obtain user credentials via a man-in-the-middle attack.
Theforeman Foreman 1.4.1
Theforeman Foreman 1.3.0
Theforeman Foreman 1.4.3
Theforeman Foreman 1.2.2
Theforeman Foreman 1.4.0
Theforeman Foreman 1.2.1
Theforeman Foreman 1.8.0
Theforeman Foreman 1.7.4
Theforeman Foreman 1.7.5
Theforeman Foreman 1.7.0
Theforeman Foreman 1.4.2
Theforeman Foreman 1.8.1
Theforeman Foreman 1.5.0
Theforeman Foreman 1.2.0
Theforeman Foreman 1.5.2
Theforeman Foreman 1.5.3
Theforeman Foreman 1.2.3
Theforeman Foreman 1.1-1
Theforeman Foreman 1.6.0
Theforeman Foreman 1.8.3
Theforeman Foreman 1.7.1
Theforeman Foreman 1.5.1
4.3
CVSSv2
CVE-2014-3491
Cross-site scripting (XSS) vulnerability in Foreman prior to 1.4.5 and 1.5.x prior to 1.5.1 allows remote malicious users to inject arbitrary web script or HTML via the Name field to the New Host groups page, related to create, update, and destroy notification boxes.
Theforeman Foreman 1.4.1
Theforeman Foreman 1.4.3
Theforeman Foreman 1.4.2
Theforeman Foreman 1.5.0
Theforeman Foreman
Theforeman Foreman 1.4.0
4.3
CVSSv2
CVE-2014-3492
Multiple cross-site scripting (XSS) vulnerabilities in the host YAML view in Foreman prior to 1.4.5 and 1.5.x prior to 1.5.1 allow remote malicious users to inject arbitrary web script or HTML via a parameter (1) name or (2) value related to the host.
Theforeman Foreman 1.4.1
Theforeman Foreman 1.4.3
Theforeman Foreman 1.4.2
Theforeman Foreman 1.5.0
Theforeman Foreman
Theforeman Foreman 1.4.0
4.3
CVSSv2
CVE-2014-0089
Cross-site scripting (XSS) vulnerability in app/views/common/500.html.erb in Foreman 1.4.x prior to 1.4.2 allows remote authenticated users to inject arbitrary web script or HTML via the bookmark name when adding a bookmark.
Theforeman Foreman 1.4.1
Theforeman Foreman 1.4.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started