VYPR

rpm package

almalinux/cockpit-packagekit

pkg:rpm/almalinux/cockpit-packagekit

Vulnerabilities (4)

  • CVE-2026-4802 · High · May 11, 2026
    affected < 356.2-1.el9_8; fixed 356.2-1.el9_8

    A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface (UI). An attacker can inject shell metacharacter

  • CVE-2026-4631 · Critical · Apr 7, 2026
    affected < 344-3.el10_1; fixed 344-3.el10_1

    Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects m

  • CVE-2024-6126 · Low · Jul 3, 2024
    affected < 323.1-1.el9_5; fixed 323.1-1.el9_5

    A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any process when enabling the pam_env's user_readenv option, which leads to a denial of service (DoS) attack.

  • CVE-2024-2947 · High · Mar 28, 2024
    affected < 311.2-1.el9_4; fixed 311.2-1.el9_4

    A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer.