Known Vulnerabilities for products from Cobbler Project
Listed below are 11 of the newest known vulnerabilities associated with the vendor "Cobbler Project".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-0860 json | Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2. | 9.1 - CRITICAL | 2022-03-11 | 2023-11-07 |
| CVE-2021-45083 json | An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some se... | 7.1 - HIGH | 2022-02-20 | 2023-11-07 |
| CVE-2021-45082 json | An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Che... | 7.8 - HIGH | 2022-02-19 | 2023-11-07 |
| CVE-2021-45081 json | An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol instead of the more secure ... | 5.9 - MEDIUM | 2022-02-20 | 2023-08-08 |
| CVE-2021-40325 json | Cobbler before 3.3.0 allows authorization bypass for modification of settings. | 7.5 - HIGH | 2021-10-04 | 2023-08-08 |
| CVE-2021-40324 json | Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data. | 7.5 - HIGH | 2021-10-04 | 2021-10-12 |
| CVE-2021-40323 json | Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile... | 9.8 - CRITICAL | 2021-10-04 | 2021-10-12 |
| CVE-2018-10931 json | It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenti... | 9.8 - CRITICAL | 2018-08-09 | 2023-02-12 |
| CVE-2017-1000469 json | Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbit... | 9.8 - CRITICAL | 2018-01-03 | 2018-01-17 |
| CVE-2016-9605 json | A flaw was found in cobbler software component version 2.6.11-1. It suffers from an invalid parameter validation vulnerabilit... | 6.1 - MEDIUM | 2018-08-22 | 2019-10-09 |
| CVE-2011-4953 json | The set_mgmt_parameters function in item.py in cobbler before 2.2.2 allows context-dependent attackers to execute arbitrary c... | 6.8 - MEDIUM | 2014-10-27 | 2014-10-29 |
Known software with vulnerabilities from Cobbler Project
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Cobbler Project | Cobbler | 2.2.1 |