Search criteria
15 vulnerabilities found for cobbler by michael_dehaan
FKIE_CVE-2012-2395
Vulnerability from fkie_nvd - Published: 2012-06-16 00:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Incomplete blacklist vulnerability in action_power.py in Cobbler 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) username or (2) password fields to the power_system method in the xmlrpc API.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| michael_dehaan | cobbler | 2.2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3937A0E5-7F9D-4FC5-9D0A-EE11C43A51FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in action_power.py in Cobbler 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) username or (2) password fields to the power_system method in the xmlrpc API."
},
{
"lang": "es",
"value": "Vulnerabilidad de lista negra incompleta en action_power.py de Cobbler 2.2.0. Permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de meta-caracteres de shell en los campos (1) username o (2) password del m\u00e9todo power_system method del API xmlrpc."
}
],
"id": "CVE-2012-2395",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-06-16T00:55:07.310",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00016.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00000.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/05/23/18"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/05/23/4"
},
{
"source": "secalert@redhat.com",
"url": "http://www.osvdb.org/82458"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/53666"
},
{
"source": "secalert@redhat.com",
"url": "https://bugs.launchpad.net/ubuntu/+source/cobbler/+bug/978999"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/cobbler/cobbler/commit/6d9167e5da44eca56bdf42b5776097a6779aaadf"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/cobbler/cobbler/issues/141"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00016.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/05/23/18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/05/23/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/82458"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/53666"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.launchpad.net/ubuntu/+source/cobbler/+bug/978999"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/cobbler/cobbler/commit/6d9167e5da44eca56bdf42b5776097a6779aaadf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/cobbler/cobbler/issues/141"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-4512
Vulnerability from fkie_nvd - Published: 2010-12-09 20:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cobbler before 2.0.4 uses an incorrect umask value, which allows local users to have an unspecified impact by leveraging world writable permissions for files and directories.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F814AD88-E4E7-4D84-B0B4-CC78C423962D",
"versionEndIncluding": "2.0.3.1-2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFB6CA1-8DE6-46A2-B651-9185B5C3F2A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F56967E4-ED40-41BF-9C91-7954A010AF63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2572B0E1-B53E-4321-AEFF-9693BDB4BDEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8E6FA453-E023-4F97-A8D8-AF237E380388",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "627B0E5A-ADCC-42BD-BB59-AEF9E644DACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B59B8107-434B-4840-AC71-7F8C5B49DAB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5D040E2B-7C70-4472-BC3D-05E3A3ED3737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9E9F8A0A-64A8-485D-A9D7-D7AC21DFF72D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F63C6E4-14DD-4478-8BAA-339AD0ACCD62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "04B41068-0E9E-4E07-BB13-F36DAEE72FCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5E229C4C-B695-4206-ACBB-F5CC650839B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "853B8AF2-A457-4B55-BF75-DB9D8DE223B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1AC609A3-8BEC-434D-B54D-35C37D1D1F49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "084D307A-8D04-4CA6-8578-671DEE947F25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6FCE8A70-8380-4B3D-B21B-5DC4DE89BA44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DEFF3158-173F-49A7-83A7-A81B4FC01415",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C0619FD9-7B6D-4DCB-ABFF-F88836929A2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7DCE6AEA-64C4-4C14-B86B-3C23DCA1681D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D1E8A8A7-2C7F-4472-8325-F084422EF292",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "309F7F4F-FDA3-4DDB-ADC9-3B3FBCB1EC4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "36D63C65-AB90-4333-B65A-01E8169B5949",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "841920B9-7D97-4307-B26B-A4CC8719D1CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "CDB39A4A-3E43-4136-81CD-B60794EC404E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07589167-C139-41FF-903E-9368C614F782",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "63A5A98D-B58F-49BD-B592-ADF7C24B2914",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6422638-6A04-4C78-A2EE-A2EF306EC437",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9BF19E29-9CA7-4020-9493-37F1303D1872",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "370D7F49-D17C-4E15-B32E-EB70B7132073",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "44F6519E-D036-4C98-A801-0C7BFAD5D83A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "34821A36-4C63-40BA-B45F-0C7B6B6D2455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "96CA84D7-1B4B-4C07-8743-9D1B291A9EDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3E173676-83B1-44FE-9739-CA46FDE94944",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F114D84-0D39-47B1-B337-A2616E672346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.0.2-1:*:*:*:*:*:*:*",
"matchCriteriaId": "DDFDEAC9-E8AC-4597-A584-A5989F11BE04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.0.3-1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB865F95-A38D-4A67-8219-AA74946F4571",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "90C6F857-41DD-46E4-9D58-DF95EF2D0711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1347D094-2161-4FAA-9208-4EAB6E6E5A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5ED95EDC-D6A6-4011-908E-E9540B708651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6C225ECD-81C9-45CF-AAD2-51C1093DCBA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FC4E3814-CC61-4777-8560-BD942EECED66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "392DF7EC-212D-4EF1-ABE8-72FC4A3788AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B63EB5FF-90F4-4AA0-8AE4-4A96A4550F74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.2.8-1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E4F2C96-0BB4-446B-B867-185217B8D652",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A741C94E-0F82-4E0B-8497-50C126361B9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.2.9-1:*:*:*:*:*:*:*",
"matchCriteriaId": "0F12092B-68F6-4C6A-8349-E93DCCE9A071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "930CA896-159C-476A-98B4-82B1D9B7624C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.3.1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "79979861-DDEC-4A30-8C3D-D319880A7DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "84AF0249-C9A1-46FE-AA6E-8A59B9BD0EC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.3.3-1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D30F7DB-7BCD-400E-A49E-7ECF8C898EF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EB26B6A4-322B-42D9-BC7B-3E21BFAEB5B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.3.4-1:*:*:*:*:*:*:*",
"matchCriteriaId": "E735E39F-C085-4169-8EA5-7A07B68D07D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C1AC1530-73CA-4616-99E8-2A5690A8C392",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.4.0-2:*:*:*:*:*:*:*",
"matchCriteriaId": "BBBA8769-A08E-45D8-A30C-B8AAEACEBE92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "821389C2-FB2B-41E6-96B5-8CB93D79389E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.4.1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "78AF071D-0F5F-480C-948A-4889D6F36C38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "482C46D3-83C3-4BB2-88B7-DE466F19DEE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.4.2-1:*:*:*:*:*:*:*",
"matchCriteriaId": "5898B895-73AB-44C8-82A2-C38B9E758C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF0AD72-0A4C-4794-8358-EB71DBCAC82C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.4.3-4:*:*:*:*:*:*:*",
"matchCriteriaId": "8656C59E-200E-40B6-A291-80D2FDC1E78E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2C5E7431-95B1-448C-9C93-703E75FA2F26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.6.1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "F4BC6A5D-FCA8-49AD-ABEE-0593B1ADCBDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E7CAD662-07EB-4F5D-A59A-E5A60840131A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.6.2-1:*:*:*:*:*:*:*",
"matchCriteriaId": "0FA29642-4F5D-4AE6-94AB-564B786A5B43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "678521C0-3A02-4FA5-A76F-0C4E96D5CD02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.6.3-1:*:*:*:*:*:*:*",
"matchCriteriaId": "A5C72FB6-82B6-471F-AACD-DD659866C5D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "74F8C975-D469-4FE2-B3E8-F6F2509D5F4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.6.4-1:*:*:*:*:*:*:*",
"matchCriteriaId": "681310E1-7A63-41FD-9F9A-B73929220591",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3B359806-C75D-48FE-8120-5447BF91B26F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.6.5-1:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF65747-580F-46D8-8F11-CC60878150CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5744CFFA-0B50-44D2-834B-365571323D64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.6.6-1:*:*:*:*:*:*:*",
"matchCriteriaId": "CEA12D9B-C011-4CCB-B626-C2D6931095A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "59C8FE0D-632C-4B0E-BD02-7FF1488BB017",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.6.8-1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7D959C0-00B3-450D-98F1-D7B530E03D6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EA1B5476-1369-477F-B404-2A35C3F7BCC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:2.0.0-1:*:*:*:*:*:*:*",
"matchCriteriaId": "30D8CA05-C4E8-423E-9526-5D92CFDC93D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "102CD4CD-E4B6-40E8-BD20-24F028D902BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:2.0.1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "78606FF8-A2C1-4774-84DE-794E6AF11311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "58F60B9C-3A2B-4D78-98B0-B5EA9F890EC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:2.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EF629F-6900-48E9-8775-FE1251B1E11C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cobbler before 2.0.4 uses an incorrect umask value, which allows local users to have an unspecified impact by leveraging world writable permissions for files and directories."
},
{
"lang": "es",
"value": "Cobbler en versiones anteriores a la 2.0.4 usa un valor de umask incorrecto, lo que permite a usuarios locales tener un impacto no especificado aprovechando permisos de escritura para todos en ficheros y directorios."
}
],
"id": "CVE-2010-4512",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-12-09T20:00:18.023",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/42602"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554567"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/42602"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554567"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-2235
Vulnerability from fkie_nvd - Published: 2010-12-09 20:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
template_api.py in Cobbler before 2.0.7, as used in Red Hat Network Satellite Server and other products, does not disable the ability of the Cheetah template engine to execute Python statements contained in templates, which allows remote authenticated administrators to execute arbitrary code via a crafted kickstart template file, a different vulnerability than CVE-2008-6954.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F844D746-8CA1-4B82-B3C5-8A0046BF1130",
"versionEndIncluding": "2.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFB6CA1-8DE6-46A2-B651-9185B5C3F2A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F56967E4-ED40-41BF-9C91-7954A010AF63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2572B0E1-B53E-4321-AEFF-9693BDB4BDEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8E6FA453-E023-4F97-A8D8-AF237E380388",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "627B0E5A-ADCC-42BD-BB59-AEF9E644DACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B59B8107-434B-4840-AC71-7F8C5B49DAB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5D040E2B-7C70-4472-BC3D-05E3A3ED3737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9E9F8A0A-64A8-485D-A9D7-D7AC21DFF72D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F63C6E4-14DD-4478-8BAA-339AD0ACCD62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "04B41068-0E9E-4E07-BB13-F36DAEE72FCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5E229C4C-B695-4206-ACBB-F5CC650839B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "853B8AF2-A457-4B55-BF75-DB9D8DE223B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1AC609A3-8BEC-434D-B54D-35C37D1D1F49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "084D307A-8D04-4CA6-8578-671DEE947F25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6FCE8A70-8380-4B3D-B21B-5DC4DE89BA44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DEFF3158-173F-49A7-83A7-A81B4FC01415",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C0619FD9-7B6D-4DCB-ABFF-F88836929A2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7DCE6AEA-64C4-4C14-B86B-3C23DCA1681D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D1E8A8A7-2C7F-4472-8325-F084422EF292",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "309F7F4F-FDA3-4DDB-ADC9-3B3FBCB1EC4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "36D63C65-AB90-4333-B65A-01E8169B5949",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "841920B9-7D97-4307-B26B-A4CC8719D1CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "CDB39A4A-3E43-4136-81CD-B60794EC404E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07589167-C139-41FF-903E-9368C614F782",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "63A5A98D-B58F-49BD-B592-ADF7C24B2914",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6422638-6A04-4C78-A2EE-A2EF306EC437",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9BF19E29-9CA7-4020-9493-37F1303D1872",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "370D7F49-D17C-4E15-B32E-EB70B7132073",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "44F6519E-D036-4C98-A801-0C7BFAD5D83A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "34821A36-4C63-40BA-B45F-0C7B6B6D2455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "96CA84D7-1B4B-4C07-8743-9D1B291A9EDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3E173676-83B1-44FE-9739-CA46FDE94944",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F114D84-0D39-47B1-B337-A2616E672346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.0.2-1:*:*:*:*:*:*:*",
"matchCriteriaId": "DDFDEAC9-E8AC-4597-A584-A5989F11BE04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.0.3-1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB865F95-A38D-4A67-8219-AA74946F4571",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "90C6F857-41DD-46E4-9D58-DF95EF2D0711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1347D094-2161-4FAA-9208-4EAB6E6E5A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5ED95EDC-D6A6-4011-908E-E9540B708651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6C225ECD-81C9-45CF-AAD2-51C1093DCBA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FC4E3814-CC61-4777-8560-BD942EECED66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "392DF7EC-212D-4EF1-ABE8-72FC4A3788AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B63EB5FF-90F4-4AA0-8AE4-4A96A4550F74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.2.8-1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E4F2C96-0BB4-446B-B867-185217B8D652",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A741C94E-0F82-4E0B-8497-50C126361B9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.2.9-1:*:*:*:*:*:*:*",
"matchCriteriaId": "0F12092B-68F6-4C6A-8349-E93DCCE9A071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "930CA896-159C-476A-98B4-82B1D9B7624C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.3.1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "79979861-DDEC-4A30-8C3D-D319880A7DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "84AF0249-C9A1-46FE-AA6E-8A59B9BD0EC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.3.3-1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D30F7DB-7BCD-400E-A49E-7ECF8C898EF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EB26B6A4-322B-42D9-BC7B-3E21BFAEB5B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.3.4-1:*:*:*:*:*:*:*",
"matchCriteriaId": "E735E39F-C085-4169-8EA5-7A07B68D07D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C1AC1530-73CA-4616-99E8-2A5690A8C392",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.4.0-2:*:*:*:*:*:*:*",
"matchCriteriaId": "BBBA8769-A08E-45D8-A30C-B8AAEACEBE92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "821389C2-FB2B-41E6-96B5-8CB93D79389E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.4.1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "78AF071D-0F5F-480C-948A-4889D6F36C38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "482C46D3-83C3-4BB2-88B7-DE466F19DEE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.4.2-1:*:*:*:*:*:*:*",
"matchCriteriaId": "5898B895-73AB-44C8-82A2-C38B9E758C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF0AD72-0A4C-4794-8358-EB71DBCAC82C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.4.3-4:*:*:*:*:*:*:*",
"matchCriteriaId": "8656C59E-200E-40B6-A291-80D2FDC1E78E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2C5E7431-95B1-448C-9C93-703E75FA2F26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.6.1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "F4BC6A5D-FCA8-49AD-ABEE-0593B1ADCBDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E7CAD662-07EB-4F5D-A59A-E5A60840131A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.6.2-1:*:*:*:*:*:*:*",
"matchCriteriaId": "0FA29642-4F5D-4AE6-94AB-564B786A5B43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "678521C0-3A02-4FA5-A76F-0C4E96D5CD02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.6.3-1:*:*:*:*:*:*:*",
"matchCriteriaId": "A5C72FB6-82B6-471F-AACD-DD659866C5D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "74F8C975-D469-4FE2-B3E8-F6F2509D5F4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.6.4-1:*:*:*:*:*:*:*",
"matchCriteriaId": "681310E1-7A63-41FD-9F9A-B73929220591",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3B359806-C75D-48FE-8120-5447BF91B26F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.6.5-1:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF65747-580F-46D8-8F11-CC60878150CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5744CFFA-0B50-44D2-834B-365571323D64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.6.6-1:*:*:*:*:*:*:*",
"matchCriteriaId": "CEA12D9B-C011-4CCB-B626-C2D6931095A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "59C8FE0D-632C-4B0E-BD02-7FF1488BB017",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.6.8-1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7D959C0-00B3-450D-98F1-D7B530E03D6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EA1B5476-1369-477F-B404-2A35C3F7BCC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:2.0.0-1:*:*:*:*:*:*:*",
"matchCriteriaId": "30D8CA05-C4E8-423E-9526-5D92CFDC93D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "102CD4CD-E4B6-40E8-BD20-24F028D902BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:2.0.1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "78606FF8-A2C1-4774-84DE-794E6AF11311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "58F60B9C-3A2B-4D78-98B0-B5EA9F890EC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:2.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EF629F-6900-48E9-8775-FE1251B1E11C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:2.0.3.1-2:*:*:*:*:*:*:*",
"matchCriteriaId": "167BD572-1F8E-45FE-AA5A-E6F78974A909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:2.0.4-1:*:*:*:*:*:*:*",
"matchCriteriaId": "0864BB01-99AD-4249-A1D3-CFB5DD02033F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "template_api.py in Cobbler before 2.0.7, as used in Red Hat Network Satellite Server and other products, does not disable the ability of the Cheetah template engine to execute Python statements contained in templates, which allows remote authenticated administrators to execute arbitrary code via a crafted kickstart template file, a different vulnerability than CVE-2008-6954."
},
{
"lang": "es",
"value": "template_api.py en Cobbler, en versiones anteriores a la 2.0.7, como es usado en Red Hat Network Satellite Server y otros productos, no deshabilita la posiblidad del motor de plantillas Cheetah de ejecutar declaraciones Python contenidas en plantillas, lo que permite a administradores remotos autenticados ejecutar c\u00f3digo de su elecci\u00f3n mediante un fichero de plantilla kickstart manipulado, una vulnerabilidad diferente a CVE-2008-6954."
}
],
"id": "CVE-2010-2235",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-12-09T20:00:17.147",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0775.html"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=607662"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0775.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=607662"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-5021
Vulnerability from fkie_nvd - Published: 2010-12-09 20:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cobbler before 1.6.1 does not properly determine whether an installation has the default password, which makes it easier for attackers to obtain access by using this password.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D1A30A8-8D10-4CFB-AB6D-831557CBCA4A",
"versionEndIncluding": "1.4.3-4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFB6CA1-8DE6-46A2-B651-9185B5C3F2A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F56967E4-ED40-41BF-9C91-7954A010AF63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2572B0E1-B53E-4321-AEFF-9693BDB4BDEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8E6FA453-E023-4F97-A8D8-AF237E380388",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "627B0E5A-ADCC-42BD-BB59-AEF9E644DACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B59B8107-434B-4840-AC71-7F8C5B49DAB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5D040E2B-7C70-4472-BC3D-05E3A3ED3737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9E9F8A0A-64A8-485D-A9D7-D7AC21DFF72D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F63C6E4-14DD-4478-8BAA-339AD0ACCD62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "04B41068-0E9E-4E07-BB13-F36DAEE72FCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5E229C4C-B695-4206-ACBB-F5CC650839B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "853B8AF2-A457-4B55-BF75-DB9D8DE223B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1AC609A3-8BEC-434D-B54D-35C37D1D1F49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "084D307A-8D04-4CA6-8578-671DEE947F25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6FCE8A70-8380-4B3D-B21B-5DC4DE89BA44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DEFF3158-173F-49A7-83A7-A81B4FC01415",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C0619FD9-7B6D-4DCB-ABFF-F88836929A2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7DCE6AEA-64C4-4C14-B86B-3C23DCA1681D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D1E8A8A7-2C7F-4472-8325-F084422EF292",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "309F7F4F-FDA3-4DDB-ADC9-3B3FBCB1EC4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "36D63C65-AB90-4333-B65A-01E8169B5949",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "841920B9-7D97-4307-B26B-A4CC8719D1CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "CDB39A4A-3E43-4136-81CD-B60794EC404E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07589167-C139-41FF-903E-9368C614F782",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "63A5A98D-B58F-49BD-B592-ADF7C24B2914",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6422638-6A04-4C78-A2EE-A2EF306EC437",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9BF19E29-9CA7-4020-9493-37F1303D1872",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "370D7F49-D17C-4E15-B32E-EB70B7132073",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "44F6519E-D036-4C98-A801-0C7BFAD5D83A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "34821A36-4C63-40BA-B45F-0C7B6B6D2455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "96CA84D7-1B4B-4C07-8743-9D1B291A9EDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3E173676-83B1-44FE-9739-CA46FDE94944",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F114D84-0D39-47B1-B337-A2616E672346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.0.2-1:*:*:*:*:*:*:*",
"matchCriteriaId": "DDFDEAC9-E8AC-4597-A584-A5989F11BE04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.0.3-1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB865F95-A38D-4A67-8219-AA74946F4571",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "90C6F857-41DD-46E4-9D58-DF95EF2D0711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1347D094-2161-4FAA-9208-4EAB6E6E5A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5ED95EDC-D6A6-4011-908E-E9540B708651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6C225ECD-81C9-45CF-AAD2-51C1093DCBA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FC4E3814-CC61-4777-8560-BD942EECED66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "392DF7EC-212D-4EF1-ABE8-72FC4A3788AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B63EB5FF-90F4-4AA0-8AE4-4A96A4550F74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.2.8-1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E4F2C96-0BB4-446B-B867-185217B8D652",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A741C94E-0F82-4E0B-8497-50C126361B9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.2.9-1:*:*:*:*:*:*:*",
"matchCriteriaId": "0F12092B-68F6-4C6A-8349-E93DCCE9A071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "930CA896-159C-476A-98B4-82B1D9B7624C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.3.1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "79979861-DDEC-4A30-8C3D-D319880A7DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "84AF0249-C9A1-46FE-AA6E-8A59B9BD0EC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.3.3-1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D30F7DB-7BCD-400E-A49E-7ECF8C898EF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EB26B6A4-322B-42D9-BC7B-3E21BFAEB5B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.3.4-1:*:*:*:*:*:*:*",
"matchCriteriaId": "E735E39F-C085-4169-8EA5-7A07B68D07D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C1AC1530-73CA-4616-99E8-2A5690A8C392",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.4.0-2:*:*:*:*:*:*:*",
"matchCriteriaId": "BBBA8769-A08E-45D8-A30C-B8AAEACEBE92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "821389C2-FB2B-41E6-96B5-8CB93D79389E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.4.1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "78AF071D-0F5F-480C-948A-4889D6F36C38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "482C46D3-83C3-4BB2-88B7-DE466F19DEE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.4.2-1:*:*:*:*:*:*:*",
"matchCriteriaId": "5898B895-73AB-44C8-82A2-C38B9E758C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF0AD72-0A4C-4794-8358-EB71DBCAC82C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cobbler before 1.6.1 does not properly determine whether an installation has the default password, which makes it easier for attackers to obtain access by using this password."
},
{
"lang": "es",
"value": "Cobbler, en versiones anteriores a la 1.6.1, no determina de manera apropiada si una instalaci\u00f3n tiene la contrase\u00f1a por defecto, lo que facilita a los atacantes obtener acceso usando esta contrase\u00f1a."
}
],
"id": "CVE-2009-5021",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-12-09T20:00:01.430",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64734"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64734"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-6954
Vulnerability from fkie_nvd - Published: 2009-08-12 10:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2918B32-247E-482A-B0A7-4FAE6D6D6DFC",
"versionEndIncluding": "1.2.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFB6CA1-8DE6-46A2-B651-9185B5C3F2A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F56967E4-ED40-41BF-9C91-7954A010AF63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2572B0E1-B53E-4321-AEFF-9693BDB4BDEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8E6FA453-E023-4F97-A8D8-AF237E380388",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "627B0E5A-ADCC-42BD-BB59-AEF9E644DACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B59B8107-434B-4840-AC71-7F8C5B49DAB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5D040E2B-7C70-4472-BC3D-05E3A3ED3737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9E9F8A0A-64A8-485D-A9D7-D7AC21DFF72D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F63C6E4-14DD-4478-8BAA-339AD0ACCD62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "04B41068-0E9E-4E07-BB13-F36DAEE72FCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5E229C4C-B695-4206-ACBB-F5CC650839B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "853B8AF2-A457-4B55-BF75-DB9D8DE223B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1AC609A3-8BEC-434D-B54D-35C37D1D1F49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "084D307A-8D04-4CA6-8578-671DEE947F25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6FCE8A70-8380-4B3D-B21B-5DC4DE89BA44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DEFF3158-173F-49A7-83A7-A81B4FC01415",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C0619FD9-7B6D-4DCB-ABFF-F88836929A2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7DCE6AEA-64C4-4C14-B86B-3C23DCA1681D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D1E8A8A7-2C7F-4472-8325-F084422EF292",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "309F7F4F-FDA3-4DDB-ADC9-3B3FBCB1EC4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "36D63C65-AB90-4333-B65A-01E8169B5949",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "841920B9-7D97-4307-B26B-A4CC8719D1CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "CDB39A4A-3E43-4136-81CD-B60794EC404E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07589167-C139-41FF-903E-9368C614F782",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "63A5A98D-B58F-49BD-B592-ADF7C24B2914",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6422638-6A04-4C78-A2EE-A2EF306EC437",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9BF19E29-9CA7-4020-9493-37F1303D1872",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "370D7F49-D17C-4E15-B32E-EB70B7132073",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "44F6519E-D036-4C98-A801-0C7BFAD5D83A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "34821A36-4C63-40BA-B45F-0C7B6B6D2455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:0.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "96CA84D7-1B4B-4C07-8743-9D1B291A9EDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3E173676-83B1-44FE-9739-CA46FDE94944",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F114D84-0D39-47B1-B337-A2616E672346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.0.2-1:*:*:*:*:*:*:*",
"matchCriteriaId": "DDFDEAC9-E8AC-4597-A584-A5989F11BE04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.0.3-1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB865F95-A38D-4A67-8219-AA74946F4571",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "90C6F857-41DD-46E4-9D58-DF95EF2D0711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1347D094-2161-4FAA-9208-4EAB6E6E5A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5ED95EDC-D6A6-4011-908E-E9540B708651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6C225ECD-81C9-45CF-AAD2-51C1093DCBA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FC4E3814-CC61-4777-8560-BD942EECED66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_dehaan:cobbler:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "392DF7EC-212D-4EF1-ABE8-72FC4A3788AD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules."
},
{
"lang": "es",
"value": "La interfaz web en Cobbler (CobblerWeb) anterior a v1.29, permite a usuarios autenticados remotamente ejecutar c\u00f3digo Python de su elecci\u00f3n en cobblerd, mediante la edici\u00f3n de la plantilla \"Cheetah kickstart\" a los m\u00f3dulos \"import Python\" arbitrarios."
}
],
"id": "CVE-2008-6954",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-08-12T10:30:00.877",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://freshmeat.net/projects/cobbler/releases/288374"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/50291"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32737"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32804"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/32317"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46625"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00462.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00485.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://freshmeat.net/projects/cobbler/releases/288374"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/50291"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32737"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32804"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/32317"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46625"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00462.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00485.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2012-2395 (GCVE-0-2012-2395)
Vulnerability from cvelistv5 – Published: 2012-06-16 00:00 – Updated: 2024-08-06 19:34
VLAI?
Summary
Incomplete blacklist vulnerability in action_power.py in Cobbler 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) username or (2) password fields to the power_system method in the xmlrpc API.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:34:24.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2012:0814",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00000.html"
},
{
"name": "[oss-security] 20120523 CVE request: cobbler command injection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/23/4"
},
{
"name": "53666",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53666"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/cobbler/cobbler/commit/6d9167e5da44eca56bdf42b5776097a6779aaadf"
},
{
"name": "[oss-security] 20120523 Re: CVE request: cobbler command injection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/23/18"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/cobbler/+bug/978999"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/cobbler/cobbler/issues/141"
},
{
"name": "openSUSE-SU-2012:0655",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00016.html"
},
{
"name": "82458",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/82458"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in action_power.py in Cobbler 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) username or (2) password fields to the power_system method in the xmlrpc API."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-07-23T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "SUSE-SU-2012:0814",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00000.html"
},
{
"name": "[oss-security] 20120523 CVE request: cobbler command injection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/23/4"
},
{
"name": "53666",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53666"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cobbler/cobbler/commit/6d9167e5da44eca56bdf42b5776097a6779aaadf"
},
{
"name": "[oss-security] 20120523 Re: CVE request: cobbler command injection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/23/18"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/cobbler/+bug/978999"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cobbler/cobbler/issues/141"
},
{
"name": "openSUSE-SU-2012:0655",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00016.html"
},
{
"name": "82458",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/82458"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2395",
"datePublished": "2012-06-16T00:00:00",
"dateReserved": "2012-04-19T00:00:00",
"dateUpdated": "2024-08-06T19:34:24.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2235 (GCVE-0-2010-2235)
Vulnerability from cvelistv5 – Published: 2010-12-09 19:00 – Updated: 2024-08-07 02:25
VLAI?
Summary
template_api.py in Cobbler before 2.0.7, as used in Red Hat Network Satellite Server and other products, does not disable the ability of the Cheetah template engine to execute Python statements contained in templates, which allows remote authenticated administrators to execute arbitrary code via a crafted kickstart template file, a different vulnerability than CVE-2008-6954.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:25:07.514Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=607662"
},
{
"name": "RHSA-2010:0775",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0775.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "template_api.py in Cobbler before 2.0.7, as used in Red Hat Network Satellite Server and other products, does not disable the ability of the Cheetah template engine to execute Python statements contained in templates, which allows remote authenticated administrators to execute arbitrary code via a crafted kickstart template file, a different vulnerability than CVE-2008-6954."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-12-09T19:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=607662"
},
{
"name": "RHSA-2010:0775",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0775.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-2235",
"datePublished": "2010-12-09T19:00:00Z",
"dateReserved": "2010-06-09T00:00:00Z",
"dateUpdated": "2024-08-07T02:25:07.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-5021 (GCVE-0-2009-5021)
Vulnerability from cvelistv5 – Published: 2010-12-09 19:00 – Updated: 2024-08-07 07:24
VLAI?
Summary
Cobbler before 1.6.1 does not properly determine whether an installation has the default password, which makes it easier for attackers to obtain access by using this password.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:53.656Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cobbler-password-weak-security(64734)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64734"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cobbler before 1.6.1 does not properly determine whether an installation has the default password, which makes it easier for attackers to obtain access by using this password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "cobbler-password-weak-security(64734)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64734"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cobbler before 1.6.1 does not properly determine whether an installation has the default password, which makes it easier for attackers to obtain access by using this password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cobbler-password-weak-security(64734)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64734"
},
{
"name": "http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz",
"refsource": "CONFIRM",
"url": "http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-5021",
"datePublished": "2010-12-09T19:00:00",
"dateReserved": "2010-12-09T00:00:00",
"dateUpdated": "2024-08-07T07:24:53.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4512 (GCVE-0-2010-4512)
Vulnerability from cvelistv5 – Published: 2010-12-09 19:00 – Updated: 2024-08-07 03:51
VLAI?
Summary
Cobbler before 2.0.4 uses an incorrect umask value, which allows local users to have an unspecified impact by leveraging world writable permissions for files and directories.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:51:17.020Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "42602",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42602"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554567"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-04-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cobbler before 2.0.4 uses an incorrect umask value, which allows local users to have an unspecified impact by leveraging world writable permissions for files and directories."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-12-18T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "42602",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42602"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554567"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4512",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cobbler before 2.0.4 uses an incorrect umask value, which allows local users to have an unspecified impact by leveraging world writable permissions for files and directories."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42602",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42602"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=554567",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554567"
},
{
"name": "http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz",
"refsource": "CONFIRM",
"url": "http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4512",
"datePublished": "2010-12-09T19:00:00",
"dateReserved": "2010-12-09T00:00:00",
"dateUpdated": "2024-08-07T03:51:17.020Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6954 (GCVE-0-2008-6954)
Vulnerability from cvelistv5 – Published: 2009-08-12 10:00 – Updated: 2024-08-07 11:49
VLAI?
Summary
The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:49:02.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2008-9723",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00462.html"
},
{
"name": "50291",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50291"
},
{
"name": "FEDORA-2008-9745",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00485.html"
},
{
"name": "32804",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32804"
},
{
"name": "32737",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32737"
},
{
"name": "cobbler-interface-code-execution(46625)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46625"
},
{
"name": "32317",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32317"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://freshmeat.net/projects/cobbler/releases/288374"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2008-9723",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00462.html"
},
{
"name": "50291",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50291"
},
{
"name": "FEDORA-2008-9745",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00485.html"
},
{
"name": "32804",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32804"
},
{
"name": "32737",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32737"
},
{
"name": "cobbler-interface-code-execution(46625)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46625"
},
{
"name": "32317",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32317"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://freshmeat.net/projects/cobbler/releases/288374"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2008-9723",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00462.html"
},
{
"name": "50291",
"refsource": "OSVDB",
"url": "http://osvdb.org/50291"
},
{
"name": "FEDORA-2008-9745",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00485.html"
},
{
"name": "32804",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32804"
},
{
"name": "32737",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32737"
},
{
"name": "cobbler-interface-code-execution(46625)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46625"
},
{
"name": "32317",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32317"
},
{
"name": "http://freshmeat.net/projects/cobbler/releases/288374",
"refsource": "CONFIRM",
"url": "http://freshmeat.net/projects/cobbler/releases/288374"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6954",
"datePublished": "2009-08-12T10:00:00",
"dateReserved": "2009-08-11T00:00:00",
"dateUpdated": "2024-08-07T11:49:02.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2395 (GCVE-0-2012-2395)
Vulnerability from nvd – Published: 2012-06-16 00:00 – Updated: 2024-08-06 19:34
VLAI?
Summary
Incomplete blacklist vulnerability in action_power.py in Cobbler 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) username or (2) password fields to the power_system method in the xmlrpc API.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:34:24.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2012:0814",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00000.html"
},
{
"name": "[oss-security] 20120523 CVE request: cobbler command injection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/23/4"
},
{
"name": "53666",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53666"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/cobbler/cobbler/commit/6d9167e5da44eca56bdf42b5776097a6779aaadf"
},
{
"name": "[oss-security] 20120523 Re: CVE request: cobbler command injection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/23/18"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/cobbler/+bug/978999"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/cobbler/cobbler/issues/141"
},
{
"name": "openSUSE-SU-2012:0655",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00016.html"
},
{
"name": "82458",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/82458"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in action_power.py in Cobbler 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) username or (2) password fields to the power_system method in the xmlrpc API."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-07-23T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "SUSE-SU-2012:0814",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00000.html"
},
{
"name": "[oss-security] 20120523 CVE request: cobbler command injection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/23/4"
},
{
"name": "53666",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53666"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cobbler/cobbler/commit/6d9167e5da44eca56bdf42b5776097a6779aaadf"
},
{
"name": "[oss-security] 20120523 Re: CVE request: cobbler command injection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/23/18"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/cobbler/+bug/978999"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cobbler/cobbler/issues/141"
},
{
"name": "openSUSE-SU-2012:0655",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00016.html"
},
{
"name": "82458",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/82458"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2395",
"datePublished": "2012-06-16T00:00:00",
"dateReserved": "2012-04-19T00:00:00",
"dateUpdated": "2024-08-06T19:34:24.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2235 (GCVE-0-2010-2235)
Vulnerability from nvd – Published: 2010-12-09 19:00 – Updated: 2024-08-07 02:25
VLAI?
Summary
template_api.py in Cobbler before 2.0.7, as used in Red Hat Network Satellite Server and other products, does not disable the ability of the Cheetah template engine to execute Python statements contained in templates, which allows remote authenticated administrators to execute arbitrary code via a crafted kickstart template file, a different vulnerability than CVE-2008-6954.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:25:07.514Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=607662"
},
{
"name": "RHSA-2010:0775",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0775.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "template_api.py in Cobbler before 2.0.7, as used in Red Hat Network Satellite Server and other products, does not disable the ability of the Cheetah template engine to execute Python statements contained in templates, which allows remote authenticated administrators to execute arbitrary code via a crafted kickstart template file, a different vulnerability than CVE-2008-6954."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-12-09T19:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=607662"
},
{
"name": "RHSA-2010:0775",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0775.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-2235",
"datePublished": "2010-12-09T19:00:00Z",
"dateReserved": "2010-06-09T00:00:00Z",
"dateUpdated": "2024-08-07T02:25:07.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-5021 (GCVE-0-2009-5021)
Vulnerability from nvd – Published: 2010-12-09 19:00 – Updated: 2024-08-07 07:24
VLAI?
Summary
Cobbler before 1.6.1 does not properly determine whether an installation has the default password, which makes it easier for attackers to obtain access by using this password.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:53.656Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cobbler-password-weak-security(64734)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64734"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cobbler before 1.6.1 does not properly determine whether an installation has the default password, which makes it easier for attackers to obtain access by using this password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "cobbler-password-weak-security(64734)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64734"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cobbler before 1.6.1 does not properly determine whether an installation has the default password, which makes it easier for attackers to obtain access by using this password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cobbler-password-weak-security(64734)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64734"
},
{
"name": "http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz",
"refsource": "CONFIRM",
"url": "http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-5021",
"datePublished": "2010-12-09T19:00:00",
"dateReserved": "2010-12-09T00:00:00",
"dateUpdated": "2024-08-07T07:24:53.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4512 (GCVE-0-2010-4512)
Vulnerability from nvd – Published: 2010-12-09 19:00 – Updated: 2024-08-07 03:51
VLAI?
Summary
Cobbler before 2.0.4 uses an incorrect umask value, which allows local users to have an unspecified impact by leveraging world writable permissions for files and directories.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:51:17.020Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "42602",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42602"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554567"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-04-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cobbler before 2.0.4 uses an incorrect umask value, which allows local users to have an unspecified impact by leveraging world writable permissions for files and directories."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-12-18T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "42602",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42602"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554567"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4512",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cobbler before 2.0.4 uses an incorrect umask value, which allows local users to have an unspecified impact by leveraging world writable permissions for files and directories."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42602",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42602"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=554567",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554567"
},
{
"name": "http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz",
"refsource": "CONFIRM",
"url": "http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4512",
"datePublished": "2010-12-09T19:00:00",
"dateReserved": "2010-12-09T00:00:00",
"dateUpdated": "2024-08-07T03:51:17.020Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6954 (GCVE-0-2008-6954)
Vulnerability from nvd – Published: 2009-08-12 10:00 – Updated: 2024-08-07 11:49
VLAI?
Summary
The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:49:02.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2008-9723",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00462.html"
},
{
"name": "50291",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50291"
},
{
"name": "FEDORA-2008-9745",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00485.html"
},
{
"name": "32804",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32804"
},
{
"name": "32737",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32737"
},
{
"name": "cobbler-interface-code-execution(46625)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46625"
},
{
"name": "32317",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32317"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://freshmeat.net/projects/cobbler/releases/288374"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2008-9723",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00462.html"
},
{
"name": "50291",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50291"
},
{
"name": "FEDORA-2008-9745",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00485.html"
},
{
"name": "32804",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32804"
},
{
"name": "32737",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32737"
},
{
"name": "cobbler-interface-code-execution(46625)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46625"
},
{
"name": "32317",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32317"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://freshmeat.net/projects/cobbler/releases/288374"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2008-9723",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00462.html"
},
{
"name": "50291",
"refsource": "OSVDB",
"url": "http://osvdb.org/50291"
},
{
"name": "FEDORA-2008-9745",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00485.html"
},
{
"name": "32804",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32804"
},
{
"name": "32737",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32737"
},
{
"name": "cobbler-interface-code-execution(46625)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46625"
},
{
"name": "32317",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32317"
},
{
"name": "http://freshmeat.net/projects/cobbler/releases/288374",
"refsource": "CONFIRM",
"url": "http://freshmeat.net/projects/cobbler/releases/288374"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6954",
"datePublished": "2009-08-12T10:00:00",
"dateReserved": "2009-08-11T00:00:00",
"dateUpdated": "2024-08-07T11:49:02.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}