Known Vulnerabilities for products from Cobbler Project
Listed below are 7 of the newest known vulnerabilities associated with the vendor "Cobbler Project".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-40325 | Cobbler before 3.3.0 allows authorization bypass for modification of settings. | 7.5 - HIGH | 2021-10-04 | 2023-08-08 |
| CVE-2021-40324 | Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data. | 7.5 - HIGH | 2021-10-04 | 2021-10-12 |
| CVE-2021-40323 | Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile... | 9.8 - CRITICAL | 2021-10-04 | 2021-10-12 |
| CVE-2018-10931 | It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenti... | 9.8 - CRITICAL | 2018-08-09 | 2023-02-12 |
| CVE-2017-1000469 | Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbit... | 9.8 - CRITICAL | 2018-01-03 | 2018-01-17 |
| CVE-2016-9605 | A flaw was found in cobbler software component version 2.6.11-1. It suffers from an invalid parameter validation vulnerabilit... | 6.1 - MEDIUM | 2018-08-22 | 2019-10-09 |
| CVE-2011-4953 | The set_mgmt_parameters function in item.py in cobbler before 2.2.2 allows context-dependent attackers to execute arbitrary c... | 6.8 - MEDIUM | 2014-10-27 | 2014-10-29 |
Known software with vulnerabilities from Cobbler Project
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Cobbler Project | Cobbler | 2.2.1 |