Max CVSS | 6.8 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2016-3112 | 5.0 |
client/consumer/cli.py in Pulp before 2.8.3 writes consumer private keys to etc/pki/pulp/consumer/consumer-cert.pem as world-readable, which allows remote authenticated users to obtain the consumer private keys and escalate privileges by reading /etc
|
13-02-2023 - 04:50 | 08-06-2017 - 18:29 | |
CVE-2016-3111 | 2.1 |
pulp.spec in the installation process for Pulp 2.8.3 generates the RSA key pairs used to validate messages between the pulp server and pulp consumers in a directory that is world-readable before later modifying the permissions, which might allow loca
|
13-02-2023 - 04:50 | 08-06-2017 - 18:29 | |
CVE-2015-5152 | 4.3 |
Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows remote attackers to obtain user credentials via a man-in-the-middle attack.
|
13-02-2023 - 00:49 | 17-07-2017 - 13:18 | |
CVE-2016-3728 | 6.8 |
Eval injection vulnerability in tftp_api.rb in the TFTP module in the Smart-Proxy in Foreman before 1.10.4 and 1.11.x before 1.11.2 allows remote attackers to execute arbitrary code via the PXE template type portion of the PATH_INFO to tftp/.
|
12-02-2023 - 23:20 | 20-05-2016 - 14:59 | |
CVE-2016-3107 | 2.1 |
The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the "/etc/pki/pulp/nodes/" directory, which allows local users to gain access to sensitive data.
|
12-02-2023 - 23:18 | 08-06-2017 - 18:29 | |
CVE-2015-5282 | 4.3 |
Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after.
|
29-09-2017 - 15:23 | 25-09-2017 - 17:29 |