9 matches found
EUVD-2022-2448
Malicious code in bioql PyPI...
CVE-2021-45081
An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS...
GHSA-CPQF-3C3R-C9G2 Cobbler before 3.3.0 allows log poisoning
Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection...
Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data.
Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data...
PYSEC-2021-375
Cobbler before 3.3.0 allows authorization bypass for modification of settings...
CVE-2016-9605
A flaw was found in cobbler software component version 2.6.11-1. It suffers from an invalid parameter validation vulnerability, leading to arbitrary file reading. The flaw is triggered by navigating to a vulnerable URL via cobbler-web on a default installation...
CVE-2018-1000226
Cobbler (verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable) contains an Incorrect Access Control vulnerability in XMLRPC API /cobblerapi that can result in Privilege escalation, data manipulation or...
CVE-2017-1000469
Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user...
CVE-2016-9605
A flaw was found in cobbler software component version 2.6.11-1. It suffers from an invalid parameter validation vulnerability, leading to arbitrary file reading. The flaw is triggered by navigating to a vulnerable URL via cobbler-web on a default installation...