Show filters
75 Total Results
Displaying 31-40 of 75
Sort by:
Attacker Value
Unknown
CVE-2016-9593
Disclosure Date: April 16, 2018 (last updated November 08, 2023)
foreman-debug before version 1.15.0 is vulnerable to a flaw in foreman-debug's logging. An attacker with access to the foreman log file would be able to view passwords, allowing them to access those systems.
0
Attacker Value
Unknown
CVE-2018-1096
Disclosure Date: April 05, 2018 (last updated November 26, 2024)
An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1. A user could use this flaw to perform an SQL injection attack on the back end database.
0
Attacker Value
Unknown
CVE-2018-1097
Disclosure Date: April 04, 2018 (last updated November 26, 2024)
A flaw was found in foreman before 1.16.1. The issue allows users with limited permissions for powering oVirt/RHV hosts on and off to discover the username and password used to connect to the compute resource.
0
Attacker Value
Unknown
CVE-2017-15100
Disclosure Date: November 27, 2017 (last updated February 16, 2024)
An attacker submitting facts to the Foreman server containing HTML can cause a stored XSS on certain pages: (1) Facts page, when clicking on the "chart" button and hovering over the chart; (2) Trends page, when checking the graph for a trend based on a such fact; (3) Statistics page, for facts that are aggregated on this page.
0
Attacker Value
Unknown
CVE-2014-3531
Disclosure Date: October 18, 2017 (last updated November 26, 2024)
Multiple cross-site scripting (XSS) vulnerabilities in Foreman before 1.5.2 allow remote authenticated users to inject arbitrary web script or HTML via the operating system (1) name or (2) description.
0
Attacker Value
Unknown
CVE-2014-0208
Disclosure Date: October 16, 2017 (last updated November 26, 2024)
Cross-site scripting (XSS) vulnerability in the search auto-completion functionality in Foreman before 1.4.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted key name.
0
Attacker Value
Unknown
CVE-2015-5246
Disclosure Date: October 06, 2017 (last updated November 26, 2024)
The LDAP Authentication functionality in Foreman might allow remote attackers with knowledge of old passwords to gain access via vectors involving the password lifetime period in Active Directory.
0
Attacker Value
Unknown
CVE-2015-5282
Disclosure Date: September 25, 2017 (last updated November 26, 2024)
Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after.
0
Attacker Value
Unknown
CVE-2015-5152
Disclosure Date: July 17, 2017 (last updated November 26, 2024)
Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows remote attackers to obtain user credentials via a man-in-the-middle attack.
0
Attacker Value
Unknown
CVE-2017-7505
Disclosure Date: May 26, 2017 (last updated November 26, 2024)
Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assigned to some organization(s) can do all operations granted by these permissions on all administrator user object outside of their scope, such as editing global admin accounts including changing their passwords.
0