Theforeman

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2013-0171 1Theforeman 1Foreman May 6, 2026 May 8, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Foreman before 1.1 allows remote attackers to execute arbitrary code via a crafted YAML object to the (1) fact or (2) report import API.
CVE-2012-5477 1Theforeman 1Foreman May 6, 2026 May 8, 2014 N/A· v4 N/A· v3 3.6 LOW· v2 The smart proxy in Foreman before 1.1 uses a umask set to 0, which allows local users to modify files created by the daemon via unspecified vectors.
CVE-2013-2143 2Redhat Theforeman 2Katello Network Satellite May 6, 2026 Apr 17, 2014 N/A· v4 N/A· v3 6.5 MEDIUM· v2 The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account...Show more The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account.Show less
CVE-2012-5648 1Theforeman 1Foreman May 6, 2026 Apr 4, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple SQL injection vulnerabilities in Foreman before 1.0.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) app/models/hostext/search.rb or (2) app/models/puppetclass.rb, rel...Show more Multiple SQL injection vulnerabilities in Foreman before 1.0.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) app/models/hostext/search.rb or (2) app/models/puppetclass.rb, related to the search mechanism.Show less
CVE-2014-0089 1Theforeman 1Foreman May 6, 2026 Mar 27, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in app/views/common/500.html.erb in Foreman 1.4.x before 1.4.2 allows remote authenticated users to inject arbitrary web script or HTML via the bookmark name when adding a bookmar...Show more Cross-site scripting (XSS) vulnerability in app/views/common/500.html.erb in Foreman 1.4.x before 1.4.2 allows remote authenticated users to inject arbitrary web script or HTML via the bookmark name when adding a bookmark.Show less
CVE-2013-4386 2Redhat Theforeman 2Foreman Openstack Apr 29, 2026 Nov 20, 2013 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple SQL injection vulnerabilities in app/models/concerns/host_common.rb in Foreman before 1.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) fqdn or (2) hostgroup parameter.
CVE-2013-4182 2Redhat Theforeman 2Foreman Openstack Apr 29, 2026 Sep 16, 2013 N/A· v4 N/A· v3 7.5 HIGH· v2 app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request.
CVE-2013-4180 2Redhat Theforeman 2Foreman Openstack Apr 29, 2026 Sep 16, 2013 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of service (memory consumption) via unspecified input that is converted to a symbol.
CVE-2013-2121 2Redhat Theforeman 2Foreman Openstack Apr 29, 2026 Jul 31, 2013 N/A· v4 N/A· v3 6.0 MEDIUM· v2 Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller...Show more Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute.Show less
CVE-2013-2113 2Redhat Theforeman 2Foreman Openstack Apr 29, 2026 Jul 31, 2013 N/A· v4 N/A· v3 6.0 MEDIUM· v2 The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (...Show more The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (2) assigning an arbitrary role.Show less
CVE-2012-3503 2Redhat Theforeman 2Enterprise Linux Server Katello Apr 29, 2026 Aug 25, 2012 N/A· v4 9.8 CRITICAL· v3 6.5 MEDIUM· v2 The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote attackers t...Show more The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web interface as an arbitrary user by creating a cookie using the default secret_token.Show less

Previous 1 2 3 45