Max CVSS | 6.5 | Min CVSS | 4.0 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published |
CVE-2016-2100 | 6.5 | Foreman before 1.10.3 and 1.11.0 before 1.11.0-RC2 allow remote authenticated users to read, modify, or delete private bookmarks by leveraging the (1) edit_bookmarks or (2) destroy_bookmarks permission. | 13-02-2023 - 04:50 | 20-05-2016 - 14:59 |
CVE-2013-4347 | 5.8 | The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 use weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack. | 13-02-2023 - 04:46 | 20-05-2014 - 14:55 |
CVE-2013-2099 | 4.3 | Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial | 13-02-2023 - 04:42 | 09-10-2013 - 14:53 |
CVE-2015-3235 | 6.0 | Foreman before 1.9.0 allows remote authenticated users with the edit_users permission to edit administrator users and change their passwords via unspecified vectors. | 13-02-2023 - 00:48 | 14-08-2015 - 18:59 |
CVE-2015-3155 | 5.0 | Foreman before 1.8.1 does not set the secure flag for the _session_id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | 13-02-2023 - 00:47 | 14-08-2015 - 18:59 |
CVE-2015-0224 | 5.0 | qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted protocol sequence set. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0203. | 13-02-2023 - 00:45 | 30-10-2017 - 14:29 |
CVE-2013-4346 | 4.3 | The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL. | 13-02-2023 - 00:28 | 20-05-2014 - 14:55 |
CVE-2015-1844 | 4.0 | Foreman before 1.7.5 allows remote authenticated users to bypass organization and location restrictions by connecting through the REST API. | 13-08-2018 - 21:47 | 14-08-2015 - 18:59 |
CVE-2015-1816 | 5.0 | Foreman before 1.7.4 does not verify SSL certificates for LDAP connections, which allows man-in-the-middle attackers to spoof LDAP servers via a crafted certificate. | 13-08-2018 - 21:47 | 14-08-2015 - 18:59 |
CVE-2015-0203 | 4.0 | The qpidd broker in Apache Qpid 0.30 and earlier allows remote authenticated users to cause a denial of service (daemon crash) via an AMQP message with (1) an invalid range in a sequence set, (2) content-bearing methods other than message-transfer, o | 18-03-2018 - 14:05 | 21-02-2018 - 15:29 |
CVE-2015-0223 | 5.0 | Unspecified vulnerability in Apache Qpid 0.30 and earlier allows remote attackers to bypass access restrictions on qpidd via unknown vectors, related to 0-10 connection handling. | 05-01-2018 - 02:29 | 02-02-2015 - 16:59 |
CVE-2015-1609 | 5.0 | MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers to cause a denial of service via a crafted UTF-8 string in a BSON request. | 01-07-2017 - 01:29 | 30-03-2015 - 14:59 |
CVE-2014-3653 | 4.3 | Cross-site scripting (XSS) vulnerability in the template preview function in Foreman before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted provisioning template. | 08-07-2015 - 16:05 | 06-07-2015 - 15:59 |