rpm package
opensuse/koan&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/koan&distro=openSUSE%20Tumbleweed
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-9605 | Med | 6.1 | < 3.0.1-1.2 | 3.0.1-1.2 | Aug 22, 2018 | A flaw was found in cobbler software component version 2.6.11-1. It suffers from an invalid parameter validation vulnerability, leading the arbitrary file reading. The flaw is triggered by navigating to a vulnerable URL via cobbler-web on a default installation. | |
| CVE-2011-4953 | — | < 3.0.1-1.2 | 3.0.1-1.2 | Oct 27, 2014 | The set_mgmt_parameters function in item.py in cobbler before 2.2.2 allows context-dependent attackers to execute arbitrary code via vectors related to the use of the yaml.load function instead of the yaml.safe_load function, as demonstrated using Puppet. |
- affected < 3.0.1-1.2fixed 3.0.1-1.2
A flaw was found in cobbler software component version 2.6.11-1. It suffers from an invalid parameter validation vulnerability, leading the arbitrary file reading. The flaw is triggered by navigating to a vulnerable URL via cobbler-web on a default installation.
- CVE-2011-4953Oct 27, 2014affected < 3.0.1-1.2fixed 3.0.1-1.2
The set_mgmt_parameters function in item.py in cobbler before 2.2.2 allows context-dependent attackers to execute arbitrary code via vectors related to the use of the yaml.load function instead of the yaml.safe_load function, as demonstrated using Puppet.