redhat satellite capsule

14 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2025-9572
all versions
An authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Un
5.0 MEDIUM
CVE-2020-10716
all versions
A flaw was found in Red Hat Satellite's Job Invocation, where the "User Input" entry was not properly restricted to the view. This
6.5 MEDIUM
CVE-2020-10693
all versions
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expre
5.3 MEDIUM
CVE-2018-1000632
all versions
dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAtt
7.5 HIGH
CVE-2016-8639
all versions
It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. This could allow an at
6.1 MEDIUM
CVE-2016-9595
all versions
A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. A local user cou
7.3 HIGH
CVE-2016-1000338
all versions
In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification
7.5 HIGH
CVE-2018-10237
all versions
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service a
5.9 MEDIUM
CVE-2018-5382
all versions
The default BKS keystore uses an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS k
4.4 MEDIUM
CVE-2017-2667
all versions
Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that
8.1 HIGH
CVE-2017-15095
all versions
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenti
9.8 CRITICAL
CVE-2017-7536
all versions
In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permis
7.0 HIGH
CVE-2017-15100
all versions
An attacker submitting facts to the Foreman server containing HTML can cause a stored XSS on certain pages: (1) Facts page, when c
6.1 MEDIUM
CVE-2017-5929
all versions
QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.
9.8 CRITICAL
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin