Total: 62 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-0007 | 1 Theforeman | 1 Foreman | 2014-06-23 | 7.5 HIGH | N/A |
| The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter to tftp/fetch_boot_file. | |||||
| CVE-2014-0090 | 1 Theforeman | 1 Foreman | 2014-05-09 | 6.8 MEDIUM | N/A |
| Session fixation vulnerability in Foreman before 1.4.2 allows remote attackers to hijack web sessions via the session id cookie. | |||||
| CVE-2014-0192 | 1 Theforeman | 1 Foreman | 2014-05-08 | 5.0 MEDIUM | N/A |
| Foreman 1.4.0 before 1.5.0 does not properly restrict access to provisioning template previews, which allows remote attackers to obtain sensitive information via the hostname parameter, related to "spoof." | |||||
| CVE-2013-0210 | 1 Theforeman | 1 Foreman | 2014-05-08 | 7.5 HIGH | N/A |
| The smart proxy Puppet run API in Foreman before 1.2.0 allows remote attackers to execute arbitrary commands via vectors related to escaping and Puppet commands. | |||||
| CVE-2013-0187 | 1 Theforeman | 1 Foreman | 2014-05-08 | 6.5 MEDIUM | N/A |
| Foreman before 1.1 allows remote authenticated users to gain privileges via a (1) XMLHttpRequest or (2) AJAX request. | |||||
| CVE-2013-0173 | 1 Theforeman | 1 Foreman | 2014-05-08 | 5.0 MEDIUM | N/A |
| Foreman before 1.1 uses a salt of "foreman" to hash root passwords, which makes it easier for attackers to guess the password via a brute force attack. | |||||
| CVE-2013-0174 | 1 Theforeman | 1 Foreman | 2014-05-08 | 5.0 MEDIUM | N/A |
| The external node classifier (ENC) API in Foreman before 1.1 allows remote attackers to obtain the hashed root password via an API request. | |||||
| CVE-2013-0171 | 1 Theforeman | 1 Foreman | 2014-05-08 | 7.5 HIGH | N/A |
| Foreman before 1.1 allows remote attackers to execute arbitrary code via a crafted YAML object to the (1) fact or (2) report import API. | |||||
| CVE-2012-5477 | 1 Theforeman | 1 Foreman | 2014-05-08 | 3.6 LOW | N/A |
| The smart proxy in Foreman before 1.1 uses a umask set to 0, which allows local users to modify files created by the daemon via unspecified vectors. | |||||
| CVE-2014-0089 | 1 Theforeman | 1 Foreman | 2014-03-27 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in app/views/common/500.html.erb in Foreman 1.4.x before 1.4.2 allows remote authenticated users to inject arbitrary web script or HTML via the bookmark name when adding a bookmark. | |||||
| CVE-2013-4182 | 2 Redhat, Theforeman | 2 Openstack, Foreman | 2013-09-17 | 7.5 HIGH | N/A |
| app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request. | |||||
| CVE-2013-4180 | 2 Redhat, Theforeman | 2 Openstack, Foreman | 2013-09-17 | 5.0 MEDIUM | N/A |
| The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of service (memory consumption) via unspecified input that is converted to a symbol. | |||||
