It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler and upload files to arbitrary locations in the context of the daemon.
Max CVSS: 9.8
EPSS Score: 0.66%
Published: 2018-08-09
Updated: 2023-02-12
It was found that spacewalk-channel can be used by non-admin or disabled users to perform administrative tasks due to an incorrect authorization check in backend/server/rhnChannel.py.
Max CVSS: 9.8
EPSS Score: 0.52%
Published: 2018-07-27
Updated: 2023-02-12
The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.
Max CVSS: 9.1
EPSS Score: 0.61%
Published: 2016-06-06
Updated: 2019-06-19
3 vulnerabilities found