Forman before 1.7.4 does not verify SSL certificates for LDAP connections, which allows man-in-the-middle attackers to spoof LDAP servers via a crafted certificate. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Multiple cross-site scripting (XSS) vulnerabilities in Request Tracker (RT) 4.x before 4.2.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) user and (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.
GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
OpenStack Glance before 2015.1.1 (kilo) allows remote authenticated users to cause a denial of service (disk consumption) by repeatedly using the import task flow API to create images and then. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.
Foreman before 1.7.5 allows remote authenticated users to bypass organization and location restrictions by connecting through the REST API. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.