VYPR

rpm package

suse/cobbler&distro=SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS

pkg:rpm/suse/cobbler&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-CLIENT-TOOLS

Vulnerabilities (6)

  • CVE-2021-45083Feb 20, 2022
    affected < 2.2.2-0.68.15.1fixed 2.2.2-0.68.15.1

    An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file contains the sha2-512 digest of

  • CVE-2020-25592Nov 6, 2020
    affected < 2.2.2-0.68.12.1fixed 2.2.2-0.68.12.1

    In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.

  • CVE-2020-17490Nov 6, 2020
    affected < 2.2.2-0.68.12.1fixed 2.2.2-0.68.12.1

    The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions.

  • CVE-2020-16846KEVNov 6, 2020
    affected < 2.2.2-0.68.12.1fixed 2.2.2-0.68.12.1

    An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.

  • CVE-2018-10931CriAug 9, 2018
    affected < 2.2.2-0.68.6.1fixed 2.2.2-0.68.6.1

    It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context of the daemon.

  • CVE-2017-1000469CriJan 3, 2018
    affected < 2.2.2-0.68.3.1fixed 2.2.2-0.68.3.1

    Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user.