Filtered by vendor Cobbler Project
Total: 4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2022-0860 | 2 Cobbler Project, Fedoraproject | 2 Cobbler, Fedora | 2022-05-23 | 6.4 MEDIUM | 9.1 CRITICAL | Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2. |
| CVE-2021-40323 | 1 Cobbler Project | 1 Cobbler | 2021-10-12 | 7.5 HIGH | 9.8 CRITICAL | Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection. |
| CVE-2018-10931 | 2 Cobbler Project, Redhat | 2 Cobbler, Satellite | 2019-09-11 | 7.5 HIGH | 9.8 CRITICAL | It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context of the daemon. |
| CVE-2017-1000469 | 1 Cobbler Project | 1 Cobbler | 2018-01-17 | 10.0 HIGH | 9.8 CRITICAL | Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user. |
