6 matches found
Linux Distros Unpatched Vulnerability : CVE-2018-1000225
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable...
RHEL 8 : cobbler (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - cobbler: XMLRPC API endpoints are not correctly validating security tokens CVE-2018-1000226 - Cobbler...
RHEL 8 : cobbler (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - cobbler: XMLRPC API endpoints are not correctly validating security tokens CVE-2018-1000226 - Cobbler...
openSUSE: Security Advisory for cobbler (openSUSE-SU-2018:2590-1)
The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for cobbler (important)
This update for cobbler fixes the following issues: Security issues fixed: - Forbid exposure of private methods in the API CVE-2018-10931, CVE-2018-1000225, bsc1104287, bsc1104189, bsc1105442 - Check access token when calling 'modifysetting' API endpoint bsc1104190, bsc1105440, CVE-2018-1000226...
CVE-2018-1000225
CVE-2018-1000225 is an XSS vulnerability in Cobbler’s web interface (cobbler-web) that can escalate privileges to admin. Technical details in the sources indicate the issue affects Cobbler versions at least as early as 2.0.0+ and is present in 2.6.11+ according to the description. The exploit pat...