Vulnerabilities > Cobbler Project
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-11 | CVE-2022-0860 | Improper Authorization vulnerability in multiple products. Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2. | 9.1 |
2022-02-20 | CVE-2021-45081 | Cleartext Transmission of Sensitive Information vulnerability in Cobbler Project Cobbler. An issue was discovered in Cobbler through 3.3.1. | 5.9 |
2022-02-20 | CVE-2021-45083 | Incorrect Default Permissions vulnerability in multiple products. An issue was discovered in Cobbler before 3.3.1. | 7.1 |
2022-02-19 | CVE-2021-45082 | Command Injection vulnerability in multiple products. An issue was discovered in Cobbler before 3.3.1. | 7.8 |
2021-10-04 | CVE-2021-40323 | Code Injection vulnerability in Cobbler Project Cobbler. Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection. | 7.5 |
2021-10-04 | CVE-2021-40324 | Unrestricted Upload of File with Dangerous Type vulnerability in Cobbler Project Cobbler. Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data. | 5.0 |
2021-10-04 | CVE-2021-40325 | Unspecified vulnerability in Cobbler Project Cobbler. Cobbler before 3.3.0 allows authorization bypass for modification of settings. | 7.5 |
2018-08-22 | CVE-2016-9605 | Cross-site Scripting vulnerability in Cobbler Project Cobbler 2.6.111. A flaw was found in cobbler software component version 2.6.11-1. | 4.3 |
2018-08-09 | CVE-2018-10931 | Exposed Dangerous Method or Function vulnerability in multiple products. It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. | 9.8 |
2018-01-03 | CVE-2017-1000469 | Improper Input Validation vulnerability in Cobbler Project Cobbler 2.2.1. Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user. | 10.0 |