Lucene search
K

133 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.3 views

Malicious code in pm10-kickstart.css (npm)

The package pm10-kickstart.css was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.2 views

MAL-2025-21279 Malicious code in generator-django-kickstart (npm)

The package generator-django-kickstart was found to contain malicious code...

7.2AI score
Exploits0
Fedora
Fedora
added 2024/11/26 4:39 a.m.15 views

[SECURITY] Fedora 40 Update: cobbler-3.3.7-1.fc40

Cobbler is a network install server. Cobbler supports PXE, ISO virtualized installs, and re-installing existing Linux machines. The last two modes use a helper tool, 'koan', that integrates with cobbler. Cobbler's advanced features include importing distributions from DVDs and rsync mirrors,...

9.8CVSS7.4AI score0.03948EPSS
Exploits6
Fedora
Fedora
added 2024/11/26 3:14 a.m.13 views

[SECURITY] Fedora 41 Update: cobbler-3.3.7-1.fc41

Cobbler is a network install server. Cobbler supports PXE, ISO virtualized installs, and re-installing existing Linux machines. The last two modes use a helper tool, 'koan', that integrates with cobbler. Cobbler's advanced features include importing distributions from DVDs and rsync mirrors,...

9.8CVSS7.4AI score0.03948EPSS
Exploits6
Fedora
Fedora
added 2024/11/26 1:29 a.m.13 views

[SECURITY] Fedora 39 Update: cobbler-3.3.7-1.fc39

Cobbler is a network install server. Cobbler supports PXE, ISO virtualized installs, and re-installing existing Linux machines. The last two modes use a helper tool, 'koan', that integrates with cobbler. Cobbler's advanced features include importing distributions from DVDs and rsync mirrors,...

9.8CVSS7.4AI score0.03948EPSS
Exploits6
Openbugbounty
Openbugbounty
added 2023/06/02 5:11 p.m.12 views

kickstartclinic.com Cross Site Scripting vulnerability OBB-3376142

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 6:5 a.m.3 views

SUSE CVE-2008-6954

The web interface CobblerWeb in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules...

9CVSS7.5AI score0.02145EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:58 a.m.3 views

SUSE CVE-2010-2235

templateapi.py in Cobbler before 2.0.7, as used in Red Hat Network Satellite Server and other products, does not disable the ability of the Cheetah template engine to execute Python statements contained in templates, which allows remote authenticated administrators to execute arbitrary code via a...

8.5CVSS7.8AI score0.03327EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:39 a.m.3 views

SUSE CVE-2013-2069

Red Hat livecd-tools before 13.4.4, 17.x before 17.17, 18.x before 18.16, and 19.x before 19.3, when a rootpw directive is not set in a Kickstart file, sets the root user password to empty, which allows local users to gain privileges...

7.2CVSS7AI score0.00345EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:29 a.m.4 views

SUSE CVE-2014-3225

Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile...

4CVSS9.2AI score0.08809EPSS
Exploits2References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:28 a.m.3 views

SUSE CVE-2014-3654

Multiple cross-site scripting XSS vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network RHN Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to 1 kickstart/cobbler/CustomSnippetList.do, 2...

4.3CVSS6AI score0.01759EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2022/05/17 5:45 a.m.34 views

Cobbler is vulnerable to code injection

templateapi.py in Cobbler before 2.0.7, as used in Red Hat Network Satellite Server and other products, does not disable the ability of the Cheetah template engine to execute Python statements contained in templates, which allows remote authenticated administrators to execute arbitrary code via a...

8.5CVSS5.6AI score0.03327EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2022/05/17 2:10 a.m.24 views

GHSA-P8W2-F44P-FMCJ Cobbler Web Interface Kickstart Template Remote Privilege Escalation Vulnerability

The web interface CobblerWeb in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code with the root privileges in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules...

9CVSS6.8AI score0.02145EPSS
Exploits0References9
GitLab Advisory Database
GitLab Advisory Database
added 2022/05/17 12:0 a.m.50 views

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The web interface CobblerWeb in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules...

9CVSS7.2AI score0.02145EPSS
Exploits0References9Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/05/17 12:0 a.m.61 views

Improper Control of Generation of Code ('Code Injection')

CVE-2010-2235 RHN Satellite cobbler: Code injection flaw ACE as root by processing of a specially-crafted kickstart template file...

8.5CVSS2.7AI score0.03327EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2022/05/14 2:52 a.m.21 views

GHSA-XC7W-JVHX-P6Q9 Cobbler Path Traversal vulnerability

Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile...

4CVSS8.8AI score0.08809EPSS
Exploits2References13
Github Security Blog
Github Security Blog
added 2022/05/14 2:52 a.m.35 views

Cobbler Path Traversal vulnerability

Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile...

4CVSS6.8AI score0.08809EPSS
Exploits2References13Affected Software1
OpenVAS
OpenVAS
added 2022/04/01 12:0 a.m.18 views

Fedora: Security Advisory for cobbler (FEDORA-2022-445ec90e7c)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1CVSS8.6AI score0.02256EPSS
Exploits2References2
Fedora
Fedora
added 2022/03/31 1:15 a.m.74 views

[SECURITY] Fedora 35 Update: cobbler-3.2.2-9.fc35

Cobbler is a network install server. Cobbler supports PXE, ISO virtualized installs, and re-installing existing Linux machines. The last two modes use a helper tool, 'koan', that integrates with cobbler. There is also a web interface 'cobbler-web'. Cobbler's advanced features include importing...

9.1CVSS2.9AI score0.02256EPSS
Exploits2
Fedora
Fedora
added 2022/03/31 12:40 a.m.47 views

[SECURITY] Fedora 34 Update: cobbler-3.2.2-11.fc34

Cobbler is a network install server. Cobbler supports PXE, ISO virtualized installs, and re-installing existing Linux machines. The last two modes use a helper tool, 'koan', that integrates with cobbler. There is also a web interface 'cobbler-web'. Cobbler's advanced features include importing...

9.1CVSS2.9AI score0.02256EPSS
Exploits1
Rows per page
Query Builder