CVE-2013-4182
- EPSS 0.71%
- Published 16.09.2013 19:14:38
- Last modified 11.04.2025 00:51:21
app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request.
- EPSS 22.08%
- Published 31.07.2013 13:20:25
- Last modified 11.04.2025 00:51:21
The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (2) assigning an arbitrary role...
- EPSS 44.3%
- Published 31.07.2013 13:20:25
- Last modified 11.04.2025 00:51:21
Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute.
CVE-2013-2882
- EPSS 1.72%
- Published 31.07.2013 13:20:13
- Last modified 11.04.2025 00:51:21
Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."