Marek Hulán

#12114de 53,640
22.5CVSS total
Vulnerabilidades · 4
Média
4
PT-2019-6931
5.0
2019-12-10
Red Hat · Katello · CVE-2013-4120
**Name of the Vulnerable Software and Affected Versions** Katello (affected versions not specified) **Description** The issue is related to a Denial of Service vulnerability in the API OAuth authentication of Katello. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2018-12652
5.4
2018-10-12
Foreman · Foreman · CVE-2018-14664
**Name of the Vulnerable Software and Affected Versions** Foreman versions 1.18 and later **Description** A stored cross-site scripting issue exists due to improperly escaped HTML code in the breadcrumbs bar, allowing a user with permissions to edit the attribute used in the breadcrumbs bar to store code that will be executed on the client side. **Recommendations** For Foreman version 1.18, update to a version that includes a fix for this issue, as no specific workaround is provided for this version. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2016-5961
6.0
2016-08-19
Foreman · Foreman · CVE-2016-4451
**Name of the Vulnerable Software and Affected Versions** Foreman versions prior to 1.11.3 Foreman versions 1.12.x prior to 1.12.0-RC1 **Description** The issue allows remote authenticated users with unlimited filters to bypass organization and location restrictions. This can be achieved by leveraging knowledge of the id of an arbitrary organization, enabling the user to read or modify data for that organization. **Recommendations** For versions prior to 1.11.3, update to version 1.11.3 or later. For versions 1.12.x prior to 1.12.0-RC1, update to version 1.12.0-RC1 or later.
PT-2016-6825
6.1
2016-08-19
Foreman · Foreman · CVE-2016-6319
**Name of the Vulnerable Software and Affected Versions** Foreman versions prior to 1.12.2 **Description** A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via the `label` parameter. This is related to the app/helpers/form helper.rb file in Foreman, which is used by Remote Execution and possibly other plugins. **Recommendations** For versions prior to 1.12.2, update to version 1.12.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `label` parameter in the affected API endpoint until the issue is resolved.