Filtered by vendor Theforeman
Subscriptions
Total
90 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-5246 | 1 Theforeman | 1 Foreman | 2024-11-21 | N/A |
| The LDAP Authentication functionality in Foreman might allow remote attackers with knowledge of old passwords to gain access via vectors involving the password lifetime period in Active Directory. | ||||
| CVE-2015-5152 | 2 Redhat, Theforeman | 3 Satellite, Satellite Capsule, Foreman | 2024-11-21 | N/A |
| Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows remote attackers to obtain user credentials via a man-in-the-middle attack. | ||||
| CVE-2014-8183 | 2 Redhat, Theforeman | 3 Satellite, Satellite Capsule, Foreman | 2024-11-21 | 7.4 High |
| It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations. | ||||
| CVE-2014-3531 | 2 Redhat, Theforeman | 2 Satellite, Foreman | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Foreman before 1.5.2 allow remote authenticated users to inject arbitrary web script or HTML via the operating system (1) name or (2) description. | ||||
| CVE-2014-0241 | 2 Redhat, Theforeman | 2 Satellite, Hammer Cli | 2024-11-21 | 5.5 Medium |
| rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable | ||||
| CVE-2014-0208 | 2 Redhat, Theforeman | 2 Satellite, Foreman | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the search auto-completion functionality in Foreman before 1.4.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted key name. | ||||
| CVE-2014-0091 | 2 Redhat, Theforeman | 2 Satellite, Foreman | 2024-11-21 | 5.3 Medium |
| Foreman has improper input validation which could lead to partial Denial of Service | ||||
| CVE-2013-4120 | 1 Theforeman | 1 Katello | 2024-11-21 | 7.5 High |
| Katello has a Denial of Service vulnerability in API OAuth authentication | ||||
| CVE-2013-2101 | 2 Redhat, Theforeman | 2 Satellite, Katello | 2024-11-21 | 5.4 Medium |
| Katello has multiple XSS issues in various entities | ||||
| CVE-2013-0283 | 1 Theforeman | 1 Katello | 2024-11-21 | 5.4 Medium |
| Katello: Username in Notification page has cross site scripting | ||||