Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:theforeman:foreman:0.2:-:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2013-0173 |
Foreman before 1.1 uses a salt of "foreman" to hash root passwords, which makes it easier for attackers to guess the password via a brute force attack. Published: May 08, 2014; 10:29:07 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-0171 |
Foreman before 1.1 allows remote attackers to execute arbitrary code via a crafted YAML object to the (1) fact or (2) report import API. Published: May 08, 2014; 10:29:07 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2012-5477 |
The smart proxy in Foreman before 1.1 uses a umask set to 0, which allows local users to modify files created by the daemon via unspecified vectors. Published: May 08, 2014; 10:29:07 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 3.6 LOW |
CVE-2012-5648 |
Multiple SQL injection vulnerabilities in Foreman before 1.0.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) app/models/hostext/search.rb or (2) app/models/puppetclass.rb, related to the search mechanism. Published: April 04, 2014; 10:55:04 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2013-4386 |
Multiple SQL injection vulnerabilities in app/models/concerns/host_common.rb in Foreman before 1.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) fqdn or (2) hostgroup parameter. Published: November 20, 2013; 9:12:21 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2013-4182 |
app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request. Published: September 16, 2013; 3:14:38 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2013-4180 |
The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of service (memory consumption) via unspecified input that is converted to a symbol. Published: September 16, 2013; 3:14:38 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |