Max CVSS 9.3 Min CVSS 1.9 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2017-2672 4.0
A flaw was found in foreman before version 1.15 in the logging of adding and registering images. An attacker with access to the foreman log file would be able to view passwords for provisioned systems in the log file, allowing them to access those sy
09-10-2019 - 23:27 21-06-2018 - 13:29
CVE-2017-2667 6.8
Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default. As a result the server certificates are not checked and connections are prone to man-in-the-middl
09-10-2019 - 23:27 12-03-2018 - 15:29
CVE-2016-8639 3.5
It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. This could allow an attacker with privileges to set the organization or location name to display arbitrary HTML including scripting code withi
09-10-2019 - 23:20 01-08-2018 - 13:29
CVE-2016-9595 3.6
A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.
09-10-2019 - 23:20 27-07-2018 - 18:29
CVE-2016-9593 4.0
foreman-debug before version 1.15.0 is vulnerable to a flaw in foreman-debug's logging. An attacker with access to the foreman log file would be able to view passwords, allowing them to access those systems.
09-10-2019 - 23:20 16-04-2018 - 15:29
CVE-2016-4996 1.9
discovery-debug in Foreman before 6.2 when the ssh service has been enabled on discovered nodes displays the root password in plaintext in the system journal when used to log in, which allows local users with access to the system journal to obtain th
06-05-2019 - 18:06 17-07-2017 - 13:18
CVE-2016-4995 3.5
Foreman before 1.11.4 and 1.12.x before 1.12.1 does not properly restrict access to preview provisioning templates, which allows remote authenticated users with permission to view some hosts to obtain sensitive host configuration information via a UR
26-02-2019 - 16:30 19-08-2016 - 21:59
CVE-2016-1669 9.3
The Zone::New function in in Google V8 before, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer
30-10-2018 - 16:27 14-05-2016 - 21:59
CVE-2013-6459 4.3
Cross-site scripting (XSS) vulnerability in the will_paginate gem before 3.0.5 for Ruby allows remote attackers to inject arbitrary web script or HTML via vectors involving generated pagination links.
23-02-2018 - 02:29 31-12-2013 - 16:04
CVE-2016-6319 4.3
Cross-site scripting (XSS) vulnerability in app/helpers/form_helper.rb in Foreman before 1.12.2, as used by Remote Execution and possibly other plugins, allows remote attackers to inject arbitrary web script or HTML via the label parameter.
23-02-2018 - 02:29 19-08-2016 - 21:59
CVE-2016-4451 6.0
The (1) Organization and (2) Locations APIs in Foreman before 1.11.3 and 1.12.x before 1.12.0-RC1 allow remote authenticated users with unlimited filters to bypass organization and location restrictions and read or modify data for an arbitrary organi
23-02-2018 - 02:29 19-08-2016 - 21:59
CVE-2016-3704 5.0
Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords.
23-02-2018 - 02:29 13-06-2017 - 17:29
CVE-2016-3693 6.8
The Safemode gem before 1.2.4 for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method.
23-02-2018 - 02:29 20-05-2016 - 14:59
CVE-2016-3696 2.1
The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key.
23-02-2018 - 02:29 13-06-2017 - 16:29
Back to Top Mark selected
Back to Top