Foreman

foreman

Vendor: Theforeman • 70 CVEs

CVEs (70)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2013-0173 1Theforeman 1Foreman May 6, 2026 May 8, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Foreman before 1.1 uses a salt of "foreman" to hash root passwords, which makes it easier for attackers to guess the password via a brute force attack.
CVE-2013-0171 1Theforeman 1Foreman May 6, 2026 May 8, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Foreman before 1.1 allows remote attackers to execute arbitrary code via a crafted YAML object to the (1) fact or (2) report import API.
CVE-2012-5477 1Theforeman 1Foreman May 6, 2026 May 8, 2014 N/A· v4 N/A· v3 3.6 LOW· v2 The smart proxy in Foreman before 1.1 uses a umask set to 0, which allows local users to modify files created by the daemon via unspecified vectors.
CVE-2012-5648 1Theforeman 1Foreman May 6, 2026 Apr 4, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple SQL injection vulnerabilities in Foreman before 1.0.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) app/models/hostext/search.rb or (2) app/models/puppetclass.rb, rel...Show more Multiple SQL injection vulnerabilities in Foreman before 1.0.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) app/models/hostext/search.rb or (2) app/models/puppetclass.rb, related to the search mechanism.Show less
CVE-2014-0089 1Theforeman 1Foreman May 6, 2026 Mar 27, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in app/views/common/500.html.erb in Foreman 1.4.x before 1.4.2 allows remote authenticated users to inject arbitrary web script or HTML via the bookmark name when adding a bookmar...Show more Cross-site scripting (XSS) vulnerability in app/views/common/500.html.erb in Foreman 1.4.x before 1.4.2 allows remote authenticated users to inject arbitrary web script or HTML via the bookmark name when adding a bookmark.Show less
CVE-2013-4386 2Redhat Theforeman 2Foreman Openstack Apr 29, 2026 Nov 20, 2013 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple SQL injection vulnerabilities in app/models/concerns/host_common.rb in Foreman before 1.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) fqdn or (2) hostgroup parameter.
CVE-2013-4182 2Redhat Theforeman 2Foreman Openstack Apr 29, 2026 Sep 16, 2013 N/A· v4 N/A· v3 7.5 HIGH· v2 app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request.
CVE-2013-4180 2Redhat Theforeman 2Foreman Openstack Apr 29, 2026 Sep 16, 2013 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of service (memory consumption) via unspecified input that is converted to a symbol.
CVE-2013-2121 2Redhat Theforeman 2Foreman Openstack Apr 29, 2026 Jul 31, 2013 N/A· v4 N/A· v3 6.0 MEDIUM· v2 Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller...Show more Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute.Show less
CVE-2013-2113 2Redhat Theforeman 2Foreman Openstack Apr 29, 2026 Jul 31, 2013 N/A· v4 N/A· v3 6.0 MEDIUM· v2 The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (...Show more The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (2) assigning an arbitrary role.Show less

Previous 1 2 34