Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Package Hub 15 SP2 package cobbler, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (6)
CVE-2017-1000469 — CVSS 9.8 (critical): Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code…
CVE-2018-1000226 — CVSS 9.8 (critical): Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older…
CVE-2018-10931 — CVSS 9.8 (critical): It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker…
CVE-2012-2395 — CVSS 7.5 (high): Incomplete blacklist vulnerability in action_power.py in Cobbler 2.2.0 allows remote attackers to execute arbitrary commands via shell…
CVE-2011-4953 — CVSS 6.8 (medium): The set_mgmt_parameters function in item.py in cobbler before 2.2.2 allows context-dependent attackers to execute arbitrary code via…
CVE-2018-1000225 — CVSS 6.1 (medium): Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older…