Package details: pkg:rpm/redhat/tfm-rubygem-foreman_remote_execution@1.3.7.2-1.fm1_15?arch=el7sat
purl pkg:rpm/redhat/tfm-rubygem-foreman_remote_execution@1.3.7.2-1.fm1_15?arch=el7sat
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.2
Vulnerabilities affecting this package (22)
Vulnerability Summary Fixed by
VCID-18aq-72zg-3uc9
Aliases:
CVE-2017-2295
puppet: Unsafe YAML deserialization There are no reported fixed by versions.
VCID-1fgf-s31g-pfac
Aliases:
CVE-2014-8183
foreman: models with a 'belongs_to' association to an Organization do not verify association belongs to that Organization There are no reported fixed by versions.
VCID-3j8j-qks5-m3ew
Aliases:
CVE-2016-4451
foreman: privilege escalation through Organization and Locations API There are no reported fixed by versions.
VCID-4d6e-mx3k-yqgk
Aliases:
CVE-2016-7078
foreman: Information leak through organizations and locations feature There are no reported fixed by versions.
VCID-6bhb-kgf4-abe7
Aliases:
CVE-2016-8613
foreman: Stored XSS vulnerability in remote execution plugin There are no reported fixed by versions.
VCID-6hub-g2ja-afaw
Aliases:
CVE-2016-3693
GHSA-c92m-rrrc-q5wf
Information disclosure vulnerability safemode for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method. There are no reported fixed by versions.
VCID-6jdw-pp1b-1qan
Aliases:
CVE-2016-9595
katello-debug: Possible symlink attacks due to use of predictable file names There are no reported fixed by versions.
VCID-7zj1-ye9x-cueu
Aliases:
CVE-2016-3696
pulp: Leakage of CA key in pulp-qpid-ssl-cfg There are no reported fixed by versions.
VCID-8fnw-r4f3-xqcg
Aliases:
CVE-2017-2672
foreman: Image password leak There are no reported fixed by versions.
VCID-asqu-5r9h-9yav
Aliases:
CVE-2018-14623
GHSA-jx5v-788g-qw58
SQL Injection An SQL injection was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This issue is related to an incomplete fix for CVE-2016-3072. There are no reported fixed by versions.
VCID-avsj-f1g8-yfen
Aliases:
CVE-2016-6319
foreman: Persistent XSS in Foreman remote execution plugin There are no reported fixed by versions.
VCID-bvrv-wvt6-8yfy
Aliases:
CVE-2017-2667
GHSA-77h8-xr85-3x5q
Improper Certificate Validation Hammer CLI, a CLI utility for Foreman, does not explicitly set the `verify_ssl` flag for `apipie-bindings`. As a result the server certificates are not checked and connections are prone to man-in-the-middle attacks. There are no reported fixed by versions.
VCID-cc8z-r1zy-23f2
Aliases:
CVE-2016-4995
foreman: Information disclosure in provisioning template previews There are no reported fixed by versions.
VCID-dfb9-31gj-57fs
Aliases:
CVE-2016-8634
foreman: Stored XSS in org/loc wizard There are no reported fixed by versions.
VCID-dh5x-wb2a-1ufj
Aliases:
CVE-2013-6459
GHSA-8r6h-7x9g-xmw9
OSV-101138
XSS vulnerability in generated pagination links The package will_paginate generates pagination links without escaping the result. If user-controlled data is sent to will_paginate, there is a potential XSS vulnerability. There are no reported fixed by versions.
VCID-dtva-ze8n-vycd
Aliases:
CVE-2016-4996
foreman: inside discovery-debug, the root password is displayed in plaintext There are no reported fixed by versions.
VCID-e488-4fjn-z3g2
Aliases:
CVE-2016-7077
foreman: Foreman information leak through unauthorized multiple_checkboxes helper There are no reported fixed by versions.
VCID-egve-f1uw-nfff
Aliases:
CVE-2016-9593
foreman-debug: missing obfuscation of sensitive information There are no reported fixed by versions.
VCID-kra9-9yr7-nbg6
Aliases:
CVE-2017-15699
Interconnect: Denial of Service vulnerability in Red Hat JBoss AMQ Interconnect There are no reported fixed by versions.
VCID-p8ab-a4gk-eyd2
Aliases:
CVE-2016-1669
Multiple vulnerabilities have been found in the Chromium web browser, the worst of which allows remote attackers to execute arbitrary code. There are no reported fixed by versions.
VCID-ph9r-qphf-8fam
Aliases:
CVE-2016-3704
pulp: Unsafe use of bash $RANDOM for NSS DB password and seed There are no reported fixed by versions.
VCID-sa68-rwqe-tfgp
Aliases:
CVE-2016-8639
foreman: Stored XSS via organization/location with HTML in name There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:49:11.681019+00:00 RedHat Importer Affected by VCID-dh5x-wb2a-1ufj https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6459.json 38.0.0
2026-04-01T14:37:11.884488+00:00 RedHat Importer Affected by VCID-6hub-g2ja-afaw https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3693.json 38.0.0
2026-04-01T14:37:06.033580+00:00 RedHat Importer Affected by VCID-7zj1-ye9x-cueu https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3696.json 38.0.0
2026-04-01T14:37:01.690043+00:00 RedHat Importer Affected by VCID-ph9r-qphf-8fam https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3704.json 38.0.0
2026-04-01T14:36:37.814514+00:00 RedHat Importer Affected by VCID-p8ab-a4gk-eyd2 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1669.json 38.0.0
2026-04-01T14:36:33.561472+00:00 RedHat Importer Affected by VCID-sa68-rwqe-tfgp https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8639.json 38.0.0
2026-04-01T14:36:29.678667+00:00 RedHat Importer Affected by VCID-3j8j-qks5-m3ew https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4451.json 38.0.0
2026-04-01T14:36:15.067269+00:00 RedHat Importer Affected by VCID-dtva-ze8n-vycd https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4996.json 38.0.0
2026-04-01T14:36:14.180662+00:00 RedHat Importer Affected by VCID-cc8z-r1zy-23f2 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4995.json 38.0.0
2026-04-01T14:35:38.189840+00:00 RedHat Importer Affected by VCID-avsj-f1g8-yfen https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6319.json 38.0.0
2026-04-01T14:34:07.917812+00:00 RedHat Importer Affected by VCID-e488-4fjn-z3g2 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7077.json 38.0.0
2026-04-01T14:34:06.443229+00:00 RedHat Importer Affected by VCID-4d6e-mx3k-yqgk https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7078.json 38.0.0
2026-04-01T14:33:58.836043+00:00 RedHat Importer Affected by VCID-6bhb-kgf4-abe7 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8613.json 38.0.0
2026-04-01T14:33:37.349897+00:00 RedHat Importer Affected by VCID-dfb9-31gj-57fs https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8634.json 38.0.0
2026-04-01T14:32:51.830207+00:00 RedHat Importer Affected by VCID-egve-f1uw-nfff https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9593.json 38.0.0
2026-04-01T14:32:50.718386+00:00 RedHat Importer Affected by VCID-6jdw-pp1b-1qan https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9595.json 38.0.0
2026-04-01T14:31:33.577160+00:00 RedHat Importer Affected by VCID-bvrv-wvt6-8yfy https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2667.json 38.0.0
2026-04-01T14:31:21.715685+00:00 RedHat Importer Affected by VCID-8fnw-r4f3-xqcg https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2672.json 38.0.0
2026-04-01T14:30:59.443941+00:00 RedHat Importer Affected by VCID-18aq-72zg-3uc9 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2295.json 38.0.0
2026-04-01T14:29:10.965179+00:00 RedHat Importer Affected by VCID-1fgf-s31g-pfac https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8183.json 38.0.0
2026-04-01T14:26:10.998817+00:00 RedHat Importer Affected by VCID-kra9-9yr7-nbg6 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15699.json 38.0.0
2026-04-01T14:21:25.731227+00:00 RedHat Importer Affected by VCID-asqu-5r9h-9yav https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14623.json 38.0.0