Max CVSS 6.0, Min CVSS 4.0, Total Count 2
| ID | CVSS | Summary | Last (major) update | Published |
|---|---|---|---|---|
| CVE-2015-3235 | 6.0 | Foreman before 1.9.0 allows remote authenticated users with the edit_users permission to edit administrator users and change their passwords via unspecified vectors. | 13-02-2023 - 00:48 | 14-08-2015 - 18:59 |
| CVE-2015-3155 | 5.0 | Foreman before 1.8.1 does not set the secure flag for the _session_id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | 13-02-2023 - 00:47 | 14-08-2015 - 18:59 |
| CVE-2015-1844 | 4.0 | Foreman before 1.7.5 allows remote authenticated users to bypass organization and location restrictions by connecting through the REST API. | 13-08-2018 - 21:47 | 14-08-2015 - 18:59 |
| CVE-2015-1816 | 5.0 | Foreman before 1.7.4 does not verify SSL certificates for LDAP connections, which allows man-in-the-middle attackers to spoof LDAP servers via a crafted certificate. | 13-08-2018 - 21:47 | 14-08-2015 - 18:59 |