VYPR

rpm package

almalinux/cockpit-pcp

pkg:rpm/almalinux/cockpit-pcp

Vulnerabilities (2)

  • CVE-2024-6126LowJul 3, 2024
    affected < 323.1-1.el9_5fixed 323.1-1.el9_5

    A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any process when enabling the pam_env's user_readenv option, which leads to a denial of service (DoS) attack.

  • CVE-2024-2947HigMar 28, 2024
    affected < 311.2-1.el9_4fixed 311.2-1.el9_4

    A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer.