19 matches found
CVE-2017-1000226
Stop User Enumeration 1.3.8 allows user enumeration via the REST API...
Linux Distros Unpatched Vulnerability : CVE-2018-1000226
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable...
VulnCheck KEV: CVE-2017-1000226
Stop User Enumeration 1.3.8 allows user enumeration via the REST API...
RHEL 8 : cobbler (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - cobbler: XMLRPC API endpoints are not correctly validating security tokens CVE-2018-1000226 - Cobbler...
RHEL 8 : cobbler (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - cobbler: XMLRPC API endpoints are not correctly validating security tokens CVE-2018-1000226 - Cobbler...
CVE-2016-1000226
creationtimestamp | type | source
---|---|---
2020-09-01 15:28:45+00:00 | published-proof-of-concept | https://github.com/advisories/GHSA-7f59-x49p-v8mq...
@csltech/strong-nginx-controller (>=1.0.2 <=1.0.3), @csltech/strong-pm (>=7.0.0 <=7.0.2) +56 more potentially affected by CVE-2016-1000226 via swagger-ui (>=2.0.17 <=2.1.8-M1)
swagger-ui NPM version =2.0.17, =1.0.2, =7.0.0, =3.0.1, =2.0.0, =1.0.1, =1.0.1, =2.8.29, =1.0.1, =5.0.232, =0.0.1, =0.4.1, =1.0.1, =0.0.1, =0.0.27, =0.1.9 and more Source cves: CVE-2016-1000226 Source advisory: OSV:GHSA-7F59-X49P-V8MQ...
Fedora 29 : cobbler (2018-22c609e92a)
Fix empty man pages ---- - Revert bindmanageipmi feature that is broken on 2.8 - Use pathfix.py to fix python shebangs ---- - Update to 2.8.4 Fixes BZ 1613292, 1643860, 1614433, CVE-2018-1000226, CVE-2018-10931 - Make koan require python2-ethtool BZ 1638933 Note that Tenable Network Security has...
Fedora 28 : cobbler (2018-1d2a79fe1c)
Fix empty man pages ---- - Revert bindmanageipmi feature that is broken on 2.8 - Use pathfix.py to fix python shebangs ---- - Update to 2.8.4 Fixes BZ 1613292, 1643860, 1614433, CVE-2018-1000226, CVE-2018-10931 - Make koan require python2-ethtool BZ 1638933 Note that Tenable Network Security has...
openSUSE: Security Advisory for cobbler (openSUSE-SU-2018:2590-1)
The remote host is missing an update for the Copyright (C) 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for cobbler (important)
This update for cobbler fixes the following issues: Security issues fixed: - Forbid exposure of private methods in the API CVE-2018-10931, CVE-2018-1000225, bsc1104287, bsc1104189, bsc1105442 - Check access token when calling 'modifysetting' API endpoint bsc1104190, bsc1105440, CVE-2018-1000226...
CVE-2018-1000226
Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains an Incorrect Access Control vulnerability in XMLRPC API /cobbler_api that can result in Privilege escalation, data manipulation or...
CVE-2018-1000226
Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains an Incorrect Access Control vulnerability in XMLRPC API /cobbler_api that can result in Privilege escalation, data manipulation or...
CVE-2018-1000226
Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains an Incorrect Access Control vulnerability in XMLRPC API /cobbler_api that can result in Privilege escalation, data manipulation or...
CVE-2018-1000226
CVE-2018-1000226 corresponds to an authentication bypass in Cobbler’s XMLRPC API (/cobbler_api). The connected nuclei template confirms an authentication bypass vulnerability that can enable privilege escalation, data manipulation or exfiltration, and LDAP credential harvesting via network connec...
CVE-2017-1000226
Stop User Enumeration 1.3.8 allows user enumeration via the REST API...
CVE-2017-1000226
Stop User Enumeration 1.3.8 allows user enumeration via the REST API...
CVE-2017-1000226
Stop User Enumeration 1.3.8 allows user enumeration via the REST API...
CVE-2017-1000226
The CVE-2017-1000226 entry concerns WordPress Stop User Enumeration plugin version 1.3.8. The available connected data indicate a vulnerability that allows user enumeration via the REST API. The issue is described consistently across sources as stemming from the REST interface exposing username i...