Search Results
- CPE Product Version: cpe:/a:theforeman:foreman:-
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2013-0174 | The external node classifier (ENC) API in Foreman before 1.1 allows remote attackers to obtain the hashed root password via an API request. Published: May 08, 2014; 10:29:07 AM -0400 | V3.x: (not available) V2.0: 5.0 MEDIUM |
CVE-2013-0173 | Foreman before 1.1 uses a salt of "foreman" to hash root passwords, which makes it easier for attackers to guess the password via a brute force attack. Published: May 08, 2014; 10:29:07 AM -0400 | V3.x: (not available) V2.0: 5.0 MEDIUM |
CVE-2013-0171 | Foreman before 1.1 allows remote attackers to execute arbitrary code via a crafted YAML object to the (1) fact or (2) report import API. Published: May 08, 2014; 10:29:07 AM -0400 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2012-5477 | The smart proxy in Foreman before 1.1 uses a umask set to 0, which allows local users to modify files created by the daemon via unspecified vectors. Published: May 08, 2014; 10:29:07 AM -0400 | V3.x: (not available) V2.0: 3.6 LOW |
CVE-2012-5648 | Multiple SQL injection vulnerabilities in Foreman before 1.0.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) app/models/hostext/search.rb or (2) app/models/puppetclass.rb, related to the search mechanism. Published: April 04, 2014; 10:55:04 AM -0400 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2013-4386 | Multiple SQL injection vulnerabilities in app/models/concerns/host_common.rb in Foreman before 1.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) fqdn or (2) hostgroup parameter. Published: November 20, 2013; 9:12:21 AM -0500 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2013-4182 | app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request. Published: September 16, 2013; 3:14:38 PM -0400 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2013-4180 | The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of service (memory consumption) via unspecified input that is converted to a symbol. Published: September 16, 2013; 3:14:38 PM -0400 | V3.x: (not available) V2.0: 5.0 MEDIUM |
CVE-2013-2121 | Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute. Published: July 31, 2013; 9:20:25 AM -0400 | V3.x: (not available) V2.0: 6.0 MEDIUM |
CVE-2013-2113 | The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (2) assigning an arbitrary role. Published: July 31, 2013; 9:20:25 AM -0400 | V3.x: (not available) V2.0: 6.0 MEDIUM |