
6348 matches found

Veracode
added 2022/02/21 2:32 p.m., 29 views

Privilege Escalation

Cobbler is vulnerable to privilege escalation. The vulnerability exists due to the lack of template sanitization in the check_for_invalid_imports function of templar.py, allowing Cheetah code to import Python modules without permission...

7.8 CVSS | 3.4 AI score | 0.00495 EPSS
Exploits: 1 | References: 11 | Affected Software: 1

OSV
added 2022/02/20 12:0 a.m., 30 views

GHSA-6CM4-GM85-972C Command Injection in Cobbler

An issue was discovered in Cobbler through 3.3.0. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "from MODULE import" substring. Only lines beginning with import are blocked...

8.5 CVSS | 7.5 AI score | 0.00495 EPSS
Exploits: 1 | References: 10

GitLab Advisory Database
added 2022/02/20 12:0 a.m., 36 views

Improper Neutralization of Special Elements used in a Command ('Command Injection')

An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the from MODULE import substring. Only lines beginning with import are blocked...

7.8 CVSS | 4 AI score | 0.00495 EPSS
Exploits: 1 | References: 6 | Affected Software: 1

NVD
added 2022/02/19 12:15 a.m., 16 views

CVE-2021-45082

An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "from MODULE import" substring. Only lines beginning with import are blocked...

7.8 CVSS | 0.00495 EPSS
Exploits: 1 | References: 5

OSV
added 2022/02/19 12:15 a.m., 28 views

CVE-2021-45082

An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "from MODULE import" substring. Only lines beginning with import are blocked...

7.8 CVSS | 7.3 AI score
Exploits: 0 | References: 5

Prion
added 2022/02/19 12:15 a.m., 29 views

Design/Logic Flaw

An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "from MODULE import" substring. Only lines beginning with import are blocked...

4.6 CVSS | 7.5 AI score | 0.00495 EPSS
Exploits: 1 | References: 5 | Affected Software: 4

UbuntuCve
added 2022/02/19 12:15 a.m., 42 views

CVE-2021-45082

An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "from MODULE import" substring. Only lines beginning with import are blocked...

7.8 CVSS | 7.2 AI score | 0.00495 EPSS
Exploits: 1 | References: 4

OSV
added 2022/02/19 12:15 a.m., 49 views

PYSEC-2022-37

An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "from MODULE import" substring. Only lines beginning with import are blocked...

7.8 CVSS | 3.2 AI score | 0.00495 EPSS
Exploits: 1 | References: 3

CNNVD
added 2022/02/19 12:0 a.m., 24 views

Microweber security vulnerability

Microweber is an online store management system from the US Microweber community that provides drag-and-drop functionality. The system includes modules for adding products, images, etc. Microweber has a security vulnerability, and no details of the vulnerability are available at this time...

5.3 CVSS | 5.5 AI score | 0.01032 EPSS
Exploits: 1 | References: 3

Cvelist
added 2022/02/18 11:23 p.m., 19 views

CVE-2021-45082

An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "from MODULE import" substring. Only lines beginning with import are blocked...

7.9 AI score | 0.00495 EPSS
Exploits: 1 | References: 5

CNNVD
added 2022/02/18 12:0 a.m., 4 views

Cobbler command injection vulnerability

Cobbler is a network installation server suite that is primarily used to quickly set up Linux network installations. A command injection vulnerability exists in versions of Cobbler prior to 3.3.1, stemming from the check_for_invalid_imports function in the templar.py file, which allows Cheetah code ...

7.8 CVSS | 5.8 AI score | 0.00495 EPSS
Exploits: 1 | References: 9

Vulnerability Lab
added 2022/02/18 12:0 a.m., 402 views

Priceel CMS - Multiple Persistent Web Vulnerabilities

Document Title: Priceel CMS - Multiple Persistent Web Vulnerabilities. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2297. Release Date: 2022-02-18. Vulnerability Laboratory ID (VL-ID): 229...

0.3 AI score
Exploits: 0

Prion
added 2022/02/16 11:15 p.m., 19 views

Input validation

Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter...

4.3 CVSS | 7.2 AI score | 0.01247 EPSS
Exploits: 0 | References: 3 | Affected Software: 2

UbuntuCve
added 2022/02/16 11:15 p.m., 32 views

CVE-2022-25271

Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter...

7.5 CVSS | 7 AI score | 0.01247 EPSS
Exploits: 0 | References: 2

ATTACKERKB
added 2022/02/16 11:15 p.m., 3 views

CVE-2022-25271

Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter...

7.5 CVSS | 7 AI score | 0.01247 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

The Hacker News
added 2022/02/16 2:3 p.m., 33 views

TrickBot Malware Targeted Customers of 60 High-Profile Companies Since 2020

The notorious TrickBot malware is targeting customers of 60 financial and technology companies, including cryptocurrency firms, primarily located in the U.S., even as its operators have updated the botnet with new anti-analysis features. "TrickBot is a sophisticated and versatile malware with mor...

0.9 AI score
Exploits: 0

Fedora
added 2022/02/16 1:28 a.m., 36 views

[SECURITY] Fedora 35 Update: varnish-modules-0.18.0-5.fc35

This is a collection of modules "vmods" extending Varnish VCL used for describing HTTP request/response policies with additional capabilities. This collection contains the following vmods: bodyaccess, header, saintmode, tcp, var, vsthrottle, xkey...

9.1 CVSS | 0.8 AI score | 0.01957 EPSS
Exploits: 0

Code423n4
added 2022/02/16 12:0 a.m., 5 views

Collect modules can fail on zero amount transfers if treasury fee is set to zero

Lines of code Vulnerability details Impact Treasury fee can be zero, while collect modules do attempt to send it in such a case anyway as there is no check in place. Some ERC20 tokens do not allow zero value transfers, reverting such attempts. This way, a combination of zero treasury fee and such...

6.8 AI score
Exploits: 0

OpenVAS
added 2022/02/16 12:0 a.m., 21 views

Fedora: Security Advisory for varnish-modules (FEDORA-2022-2f14ec7663)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.1 CVSS | 9.3 AI score | 0.01957 EPSS
Exploits: 0 | References: 2

OSV
added 2022/02/15 1:57 a.m., 23 views

GHSA-V4H8-794J-G8MM Arbitrary File Override in Docker Engine

Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules LSM and dockert policies via an image that allows volumes to override files in /proc...

5.1 CVSS | 7.4 AI score | 0.00567 EPSS
Exploits: 0 | References: 9