Vulnerabilities > Cobbler Project

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDORS / CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2022-03-11 | CVE-2022-0860 | Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2. | | network | low complexity | cobbler-project, fedoraproject | critical 9.1 |
| 2022-02-20 | CVE-2021-45081 | Cleartext Transmission of Sensitive Information vulnerability in Cobbler Project Cobbler | An issue was discovered in Cobbler through 3.3.1. | network | high complexity | cobbler-project, CWE-319 | 5.9 |
| 2022-02-20 | CVE-2021-45083 | Incorrect Default Permissions vulnerability in multiple products | An issue was discovered in Cobbler before 3.3.1. | local | low complexity | cobbler-project, fedoraproject, CWE-276 | 7.1 |
| 2022-02-19 | CVE-2021-45082 | Command Injection vulnerability in multiple products | An issue was discovered in Cobbler before 3.3.1. | | | | 7.8 |
| 2021-10-04 | CVE-2021-40323 | Code Injection vulnerability in Cobbler Project Cobbler | Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection. | network | low complexity | cobbler-project, CWE-94 | critical 9.8 |
| 2021-10-04 | CVE-2021-40324 | Unrestricted Upload of File with Dangerous Type vulnerability in Cobbler Project Cobbler | Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data. | network | low complexity | cobbler-project, CWE-434 | 7.5 |
| 2021-10-04 | CVE-2021-40325 | Unspecified vulnerability in Cobbler Project Cobbler | Cobbler before 3.3.0 allows authorization bypass for modification of settings. | network | low complexity | cobbler-project | 7.5 |
| 2018-08-22 | CVE-2016-9605 | Cross-site Scripting vulnerability in Cobbler Project Cobbler 2.6.111 | A flaw was found in cobbler software component version 2.6.11-1. | network | low complexity | cobbler-project, CWE-79 | 6.1 |
| 2018-08-09 | CVE-2018-10931 | It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. | | network | low complexity | cobbler-project, redhat | critical 9.8 |
| 2018-01-03 | CVE-2017-1000469 | Improper Input Validation vulnerability in Cobbler Project Cobbler | Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user. | network | low complexity | cobbler-project, CWE-20 | critical 9.8 |