Search CVE reports

1 – 10 of 19 results


CVE-2022-0860

Low priority
Fixed

Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2.

1 affected packages

cobbler

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cobbler Fixed

CVE-2021-45083

Medium priority
Fixed

An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The...

1 affected packages

cobbler

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cobbler Fixed

CVE-2021-45081

Medium priority
Ignored

An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS.

1 affected packages

cobbler

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cobbler Ignored

CVE-2021-45082

Low priority
Fixed

An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with...

1 affected packages

cobbler

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cobbler Fixed

CVE-2021-40325

High priority
Fixed

Cobbler before 3.3.0 allows authorization bypass for modification of settings.

1 affected packages

cobbler

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cobbler Not in release Not in release Not in release Fixed

CVE-2021-40324

High priority
Fixed

Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data.

1 affected packages

cobbler

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cobbler Not in release Not in release Not in release Fixed

CVE-2021-40323

High priority
Fixed

Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.

1 affected packages

cobbler

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cobbler Not in release Not in release Not in release Fixed

CVE-2012-2092

Medium priority

Some fixes available 3 of 4

A Security Bypass vulnerability exists in Ubuntu Cobbler before 2,2,2 in the cobbler-ubuntu-import script due to an error when verifying the GPG signature.

2 affected packages

cobbler, maas-provision

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cobbler
maas-provision

CVE-2011-4954

Medium priority

Some fixes available 3 of 5

cobbler has local privilege escalation via the use of insecure location for PYTHON_EGG_CACHE

1 affected packages

cobbler

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cobbler

CVE-2011-4952

Low priority

Some fixes available 3 of 5

cobbler: Web interface lacks CSRF protection when using Django framework

1 affected packages

cobbler

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cobbler