Vulmon
cobbler project cobbler vulnerabilities and exploits
605
VMScore
CVE-2011-4953
The set_mgmt_parameters function in item.py in cobbler prior to 2.2.2 allows context-dependent malicious users to execute arbitrary code via vectors related to the use of the yaml.load function instead of the yaml.safe_load function, as demonstrated using Puppet.
Cobbler Project Cobbler
383
VMScore
CVE-2021-45081
An issue exists in Cobbler up to and including 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS.
Cobbler Project Cobbler
890
VMScore
CVE-2017-1000469
Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user.
Cobbler Project Cobbler
668
VMScore
CVE-2021-40323
Cobbler prior to 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.
Cobbler Project Cobbler
445
VMScore
CVE-2021-40324
Cobbler prior to 3.3.0 allows arbitrary file write operations via upload_log_data.
Cobbler Project Cobbler
445
VMScore
CVE-2021-40325
Cobbler prior to 3.3.0 allows authorization bypass for modification of settings.
Cobbler Project Cobbler
383
VMScore
CVE-2016-9605
A flaw was found in cobbler software component version 2.6.11-1. It suffers from an invalid parameter validation vulnerability, leading to arbitrary file reading. The flaw is triggered by navigating to a vulnerable URL via cobbler-web on a default installation.
Cobbler Project Cobbler 2.6.11-1
320
VMScore
CVE-2021-45083
An issue exists in Cobbler prior to 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file contains the sha2-512 digest of users ...
Cobbler Project Cobbler
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
570
VMScore
CVE-2022-0860
Improper Authorization in GitHub repository cobbler/cobbler before 3.3.2.
Cobbler Project Cobbler
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
409
VMScore
CVE-2021-45082
An issue exists in Cobbler prior to 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.)
Cobbler Project Cobbler
Suse Linux Enterprise Server 11
Opensuse Factory -
Suse Linux Enterprise Server 12
Suse Linux Enterprise Server 15
Opensuse Backports Sle-15
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36