Lucene search
+L

133 matches found

Cvelist
Cvelist
added 2014/05/14 12:0 a.m.30 views

CVE-2014-3225

Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile...

8.9AI score0.08809EPSS
Exploits2References9
GitLab Advisory Database
GitLab Advisory Database
added 2014/05/13 12:0 a.m.65 views

Local File inclusion

A local file inclusion is possible by specifying full path to any desired file in the Kickstart value in Cobbler's WebUI...

4CVSS6.1AI score0.08809EPSS
Exploits2References1Affected Software1
securityvulns
securityvulns
added 2014/05/10 12:0 a.m.73 views

[oss-security] CVE Request - Local File inclusion in Cobbler

hi, as reported in https://github.com/cobbler/cobbler/issues/939 A local file inclusion is possible by specifying full path to any desired file in the Kickstart value in Cobbler's WebUI in all versions. Cobbler ease setup of network installation environments. After informing cobbler team, a patch...

0.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2013/09/30 12:0 a.m.28 views

Fedora 18 : livecd-tools-18.17-1.fc18 (2013-13131)

Added a couple features to livecd-iso-to-disk --updates and --ks and fixed a traceback when there are dependency problems running livecd-creator. Require rsync The livecd-tools package provides support for reading and executing Kickstart files in order to create a system image. It was discovered...

7.2CVSS5.5AI score0.00345EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2013/08/01 12:0 a.m.37 views

CentOS Update for sos CESA-2013:1121 centos5

Check for the Version of sos OpenVAS Vulnerability Test CentOS Update for sos CESA-2013:1121 centos5 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...

4.3CVSS6.4AI score0.01429EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2013/07/31 12:0 a.m.29 views

Scientific Linux Security Update : sos on SL5.x (noarch) (20130730)

The sosreport utility collected the Kickstart configuration file '/root /anaconda-ks.cfg', but did not remove the root user's password from it before adding the file to the resulting archive of debugging information. An attacker able to access the archive could possibly use this flaw to obtain th...

4.3CVSS5.4AI score0.01429EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2013/07/31 12:0 a.m.33 views

RHEL 5 : sos (RHSA-2013:1121)

An updated sos package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

4.3CVSS5.5AI score0.01429EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2013/07/30 4:56 p.m.29 views

Low: Red Hat Security Advisory: sos security update

An updated sos package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

4.3CVSS5.8AI score0.01429EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2013/07/30 4:56 p.m.9 views

sosreport does not blank root password in anaconda plugin

The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file /root/anaconda-ks.cfg when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes...

4.3CVSS5.8AI score0.01429EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2013/07/12 12:0 a.m.22 views

Fedora 17 : livecd-tools-17.17-1.fc17 (2013-9111)

The livecd-tools package provides support for reading and executing Kickstart files in order to create a system image. It was discovered that livecd-tools gave the root user an empty password rather than leaving the password locked in situations where no 'rootpw' directive was used or when the...

7.2CVSS5.5AI score0.00345EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2013/07/12 12:0 a.m.21 views

Fedora 19 : livecd-tools-19.4-1.fc19 (2013-9827)

Some fixed for running from F19 host. The livecd-tools package provides support for reading and executing Kickstart files in order to create a system image. It was discovered that livecd-tools gave the root user an empty password rather than leaving the password locked in situations where no...

7.2CVSS5.5AI score0.00345EPSS
Exploits0References3
Prion
Prion
added 2013/05/29 12:55 a.m.14 views

Default credentials

Red Hat livecd-tools before 13.4.4, 17.x before 17.17, 18.x before 18.16, and 19.x before 19.3, when a rootpw directive is not set in a Kickstart file, sets the root user password to empty, which allows local users to gain privileges...

7.2CVSS6.7AI score0.00345EPSS
Exploits0References6Affected Software1
RedHat Linux
RedHat Linux
added 2013/05/23 1:31 p.m.22 views

Important: Red Hat Security Advisory: KVM image security update

The Red Hat Enterprise Linux 6.4 KVM Guest Image for cloud instances had an empty root password by default. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

7.2CVSS5.9AI score0.00345EPSS
Exploits0References4
Fedora
Fedora
added 2013/05/11 3:15 a.m.16 views

[SECURITY] Fedora 19 Update: pykickstart-1.99.30-1.fc19

The pykickstart package is a python library for manipulating kickstart files...

2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2012/07/01 12:0 a.m.13 views

Fedora 17 2012-9621

Cobbler is a network install server. Cobbler supports PXE, virtualized installs, and re-installing existing Linux machines. The last two modes use a helper tool, 'koan', that integrates with cobbler. There is also a web interface 'cobbler-web'. Cobbler's advanced features include importing...

7.4AI score
Exploits0
NVD
NVD
added 2012/06/29 7:55 p.m.18 views

CVE-2012-2664

The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file /root/anaconda-ks.cfg when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes...

4.3CVSS6.2AI score0.01429EPSS
Exploits0References5
Prion
Prion
added 2012/06/29 7:55 p.m.13 views

Default credentials

The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file /root/anaconda-ks.cfg when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes...

4.3CVSS6.7AI score0.01429EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2012/06/29 7:0 p.m.19 views

CVE-2012-2664

The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file /root/anaconda-ks.cfg when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes...

6AI score0.01429EPSS
Exploits0References5
CVE
CVE
added 2012/06/29 7:0 p.m.76 views

CVE-2012-2664

CVE-2012-2664 affects the sosreport utility in the Red Hat sos package prior to 2.2-29. The root user password information found in the Kickstart configuration file (/root/anaconda-ks.cfg) is not removed when creating an archive of debugging information, potentially allowing an attacker to obtain...

4.3CVSS6.2AI score0.01429EPSS
Exploits0References5Affected Software1
RedHat Linux
RedHat Linux
added 2012/06/19 3:23 p.m.5 views

sosreport does not blank root password in anaconda plugin

The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file /root/anaconda-ks.cfg when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes...

4.3CVSS5.8AI score0.01429EPSS
Exploits0References4
Rows per page
Query Builder