EUVD-2022-0041
Malicious code in bioql PyPI...
EUVD-2022-4375
Malicious code in bioql PyPI...
EUVD-2022-4186
Malicious code in bioql PyPI...
EUVD-2022-3869
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-45081
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS. CVE-2021-45081 Note that...
Exploit for CVE-2024-47533
CVE-2024-47533 – Cobbler XML-RPC Authentication Bypass Exploit...
Exploit for CVE-2024-47533
CVE-2024-47533 - Cobbler XMLRPC Authentication Bypass RCE Expl...
Fedora 41 : cobbler (2024-4f04edd1e7)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-4f04edd1e7 advisory. Update to 3.3.7 - CVE-2024-47533 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Security update for cobbler (critical)
openSUSE Security Update: Security update for cobbler Announcement ID: openSUSE-SU-2024:0370-1 Rating: critical References: 1231332 Cross-References: CVE-2024-47533 CVSS scores: CVE-2024-47533 SUSE: 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Backports SLE-15-SP6 ...
SUSE CVE-2010-2235
templateapi.py in Cobbler before 2.0.7, as used in Red Hat Network Satellite Server and other products, does not disable the ability of the Cheetah template engine to execute Python statements contained in templates, which allows remote authenticated administrators to execute arbitrary code via a...
SUSE CVE-2021-40324
Cobbler before 3.3.0 allows arbitrary file write operations via uploadlogdata...
Information Disclosure
cobbler is vulnerable to information disclosure. The vulnerability exists due to the cleartext transmission of data through the insecure HTTP protocol, allowing an attacker to gain sensitive information...
CVE-2021-45081
A flaw was found in cobbler. The vulnerability occurs due to unsafe protocol usage and leads to cleartext transmission. This flaw allows an attacker to interact and see sensitive cleartext transmissions...
Information Disclosure
cobbler is vulnerable to information disclosure. The vulnerability exists because the library does not properly restrict the config file accessibility, which allows an attacker who has access to the server to open an authenticated session with a cobbler daemon...
PYSEC-2022-38
An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file contains the sha2-512 digest of users in a Cobble...
Authorization Bypass
cobbler is vulnerable to authorization bypass. An attacker can modify settings in XMLRPC through the modifysetting function in remote.py...
PT-2021-22859 · Cobbler +2
Name of the Vulnerable Software and Affected Versions: Cobbler versions prior to 3.3.0 Description: The issue allows log poisoning and resultant Remote Code Execution via an XMLRPC method that logs to the logfile for template injection. Recommendations: For versions prior to 3.3.0, update to...
CVE-2016-9605
A flaw was found in cobbler software component version 2.6.11-1. It suffers from an invalid parameter validation vulnerability, leading to arbitrary file reading. The flaw is triggered by navigating to a vulnerable URL via cobbler-web on a default installation...
UBUNTU-CVE-2018-1000226
Cobbler (verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable) contains an Incorrect Access Control vulnerability in XMLRPC API /cobblerapi that can result in privilege escalation, data manipulation or...
cobbler elevation of privilege vulnerability
Cobbler is a Linux installation server that allows you to quickly set up a network installation environment. An elevation of privilege vulnerability exists in cobbler 2.6.x. The vulnerability stems from the fact that cobbler exposes all functions of the CobblerXMLRPCInterface class via XMLRPC. A...