Description
V8: integer overflow leading to buffer overflow in Zone::New.
rubygem-will_paginate: XSS vulnerabilities.
foreman: models with a 'belongs_to' association to an Organization do not verify that the association belongs to that Organization.
foreman: inspect in a provisioning template exposes sensitive controller information.
pulp: Unsafe use of bash $RANDOM for NSS DB password and seed.
foreman: privilege escalation through Organization and Locations API.
foreman: inside discovery-debug, the root password is displayed in plaintext.
foreman: Persistent XSS in Foreman remote execution plugin.
foreman: Stored XSS via organization/location with HTML in name.
katello-debug: Possible symlink attacks due to use of predictable file names.
rubygem-hammer_cli: no verification of API server's SSL certificate.
foreman: Image password leak.
pulp: Leakage of CA key in pulp-qpid-ssl-cfg.
foreman: Information disclosure in provisioning template previews.
foreman-debug: missing obfuscation of sensitive information.