Package impact

python PyPI / cobbler

| CVE | Severity | CVSS | Published | Description |
|---|---|---|---|---|
| CVE-2010-2235 | high | 8.5 | 16y ago | Cobbler is vulnerable to code injection |
| CVE-2012-2395 | high | 7.5 | 14y ago | Cobbler subject to Command Injection |
| CVE-2011-4953 | medium | 6.8 | 12y ago | Cobbler vulnerable to code injection via unsafe YAML loading |
| CVE-2014-3225 | medium | 5.0 | 12y ago | Cobbler Path Traversal vulnerability |
| CVE-2024-47533 | unknown | | 2y ago | cobbler allows anyone to connect to cobbler XML-RPC server with known password and make changes |
| CVE-2008-6954 | unknown | | 4y ago | Cobbler Web Interface Kickstart Template Remote Privilege Escalation Vulnerability |
| CVE-2017-1000469 | unknown | | 4y ago | Cobbler vulnerable to arbitrary code execution |
| CVE-2018-1000225 | unknown | | 4y ago | Cobbler XSS Vulnerability |
| CVE-2018-10931 | unknown | | 4y ago | Cobbler has Exposed Dangerous Method or Function |
| CVE-2018-1000226 | unknown | | 4y ago | Cobbler Improper Validation of Security Tokens |
| CVE-2016-9605 | unknown | | 4y ago | Cobbler Arbitrary File Read |
| CVE-2011-4952 | unknown | | 4y ago | Cobbler Web Interface Lacks CSRF Protection |
| CVE-2022-0860 | unknown | | 4y ago | Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2. |
| CVE-2021-45083 | unknown | | 4y ago | An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privil… |
| CVE-2021-45082 | unknown | | 4y ago | An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring… |
| CVE-2021-40325 | unknown | | 5y ago | Cobbler before 3.3.0 allows authorization bypass for modification of settings. |
| CVE-2021-40323 | unknown | | 5y ago | Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection. |
| CVE-2021-40324 | unknown | | 5y ago | Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data. |