Package impact

python PyPI / cobbler

| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2010-2235 | high | 8.5 | | 16y ago | Cobbler is vulnerable to code injection | python |
| CVE-2012-2395 | high | 7.5 | | 14y ago | Cobbler subject to Command Injection | python |
| CVE-2011-4953 | medium | 6.8 | | 12y ago | Cobbler vulnerable to code injection via unsafe YAML loading | python |
| CVE-2014-3225 | medium | 4.0 | | 12y ago | Cobbler Path Traversal vulnerability | python |
| CVE-2024-47533 | unknown | | | 2y ago | cobbler allows anyone to connect to cobbler XML-RPC server with known password and make changes | suse, python |
| CVE-2008-6954 | unknown | | | 4y ago | Cobbler Web Interface Kickstart Template Remote Privilege Escalation Vulnerability | python |
| CVE-2017-1000469 | unknown | | | 4y ago | Cobbler vulnerable to arbitrary code execution | suse, python |
| CVE-2018-1000225 | unknown | | | 4y ago | Cobbler XSS Vulnerability | suse, python |
| CVE-2018-10931 | unknown | | | 4y ago | Cobbler has Exposed Dangerous Method or Function | suse, python |
| CVE-2018-1000226 | unknown | | | 4y ago | Cobbler Improper Validation of Security Tokens | suse, python |
| CVE-2016-9605 | unknown | | | 4y ago | Cobbler Arbitrary File Read | python |
| CVE-2011-4952 | unknown | | | 4y ago | Cobbler Web Interface Lacks CSRF Protection | python |
| CVE-2022-0860 | unknown | | | 4y ago | Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2. | suse, python |
| CVE-2021-45083 | unknown | | | 4y ago | An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privil… | suse, python |
| CVE-2021-45082 | unknown | | | 4y ago | An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring… | suse, python |
| CVE-2021-40325 | unknown | | | 5y ago | Cobbler before 3.3.0 allows authorization bypass for modification of settings. | suse, python |
| CVE-2021-40323 | unknown | | | 5y ago | Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection. | suse, python |
| CVE-2021-40324 | unknown | | | 5y ago | Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data. | suse, python |