cobbler (SUSE:Manager Server Module 4.1) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Manager Server Module 4.1 package cobbler, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (12)
CVE-2021-40323 — CVSS 9.8 (critical): Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template…
CVE-2020-26217 — CVSS 8.0 (high): XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell…
CVE-2021-45082 — CVSS 7.8 (high): An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to…
CVE-2021-31607 — CVSS 7.8 (high): In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege…
CVE-2021-45083 — CVSS 7.1 (high): An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive…
CVE-2020-11022 — CVSS 6.9 (medium): In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM…
CVE-2020-26259 — CVSS 6.8 (medium): XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File…
CVE-2020-26258 — CVSS 6.3 (medium): XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request…
CVE-2021-28657 — CVSS 5.5 (medium): A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users…