Cobblerd Security Vulnerabilities

CVE-2011-4952

cobbler: Web interface lacks CSRF protection when using Django framework

CVSS 8.8 | AI Score 8.6 | EPSS 0.001

2019-11-19 04:15 PM

CVE-2011-4954

cobbler has local privilege escalation via the use of insecure location for PYTHON_EGG_CACHE

CVSS 7.8 | AI Score 7.8 | EPSS 0.0004

2019-11-19 04:15 PM

CVE-2014-3225

Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile.

AI Score 8.7 | EPSS 0.03

2014-05-14 12:55 AM

CVE-2018-1000225

Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Cross Site Scripting (XSS) vulnerability in cobbler-web that can result in Privilege escalation to admin. This attack appears to...

CVSS 6.1 | AI Score 7.5 | EPSS 0.001

2018-08-20 08:29 PM

CVE-2018-1000226

Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains an Incorrect Access Control vulnerability in XMLRPC API (/cobbler_api) that can result in Privilege escalation, data manipulation o...

CVSS 9.8 | AI Score 9.5 | EPSS 0.013

2018-08-20 08:29 PM