Max CVSS 6.8 Min CVSS 2.1 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2015-3155 5.0
Foreman before 1.8.1 does not set the secure flag for the _session_id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
13-08-2018 - 21:47 14-08-2015 - 18:59
CVE-2015-1844 4.0
Foreman before 1.7.5 allows remote authenticated users to bypass organization and location restrictions by connecting through the REST API.
13-08-2018 - 21:47 14-08-2015 - 18:59
CVE-2015-1816 5.0
Forman before 1.7.4 does not verify SSL certificates for LDAP connections, which allows man-in-the-middle attackers to spoof LDAP servers via a crafted certificate.
13-08-2018 - 21:47 14-08-2015 - 18:59
CVE-2016-3107 2.1
The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the "/etc/pki/pulp/nodes/" directory, which allows local users to gain access to sensitive data.
05-01-2018 - 02:30 08-06-2017 - 18:29
CVE-2016-3112 5.0
client/consumer/cli.py in Pulp before 2.8.3 writes consumer private keys to etc/pki/pulp/consumer/consumer-cert.pem as world-readable, which allows remote authenticated users to obtain the consumer private keys and escalate privileges by reading /etc
05-01-2018 - 02:30 08-06-2017 - 18:29
CVE-2016-3728 6.8
Eval injection vulnerability in tftp_api.rb in the TFTP module in the Smart-Proxy in Foreman before 1.10.4 and 1.11.x before 1.11.2 allows remote attackers to execute arbitrary code via the PXE template type portion of the PATH_INFO to tftp/.
05-01-2018 - 02:30 20-05-2016 - 14:59
CVE-2016-3111 2.1
pulp.spec in the installation process for Pulp 2.8.3 generates the RSA key pairs used to validate messages between the pulp server and pulp consumers in a directory that is world-readable before later modifying the permissions, which might allow loca
05-01-2018 - 02:30 08-06-2017 - 18:29
CVE-2016-3108 3.6
The pulp-gen-nodes-certificate script in Pulp before 2.8.3 allows local users to leak the keys or write to arbitrary files via a symlink attack.
05-01-2018 - 02:30 08-06-2017 - 18:29
CVE-2015-5282 4.3
Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after.
29-09-2017 - 15:23 25-09-2017 - 17:29
CVE-2015-5152 4.3
Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows remote attackers to obtain user credentials via a man-in-the-middle attack.
27-07-2017 - 15:05 17-07-2017 - 13:18
CVE-2013-4346 4.3
The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL.
28-11-2016 - 19:09 20-05-2014 - 14:55
CVE-2013-4347 5.8
The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack.
28-11-2016 - 19:09 20-05-2014 - 14:55
CVE-2015-3235 6.0
Foreman before 1.9.0 allows remote authenticated users with the edit_users permission to edit administrator users and change their passwords via unspecified vectors.
18-08-2015 - 07:33 14-08-2015 - 18:59
CVE-2014-3653 4.3
Cross-site scripting (XSS) vulnerability in the template preview function in Foreman before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted provisioning template.
08-07-2015 - 16:05 06-07-2015 - 15:59
Back to Top Mark selected
Back to Top