rpm package
almalinux/pcp-pmda-oracle
pkg:rpm/almalinux/pcp-pmda-oracle
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-45770 | Med | 4.4 | < 5.3.7-22.el8_10 | 5.3.7-22.el8_10 | Sep 19, 2024 | A vulnerability was found in Performance Co-Pilot (PCP). This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain conditions, it runs with hig | |
| CVE-2024-45769 | Med | 5.5 | < 5.3.7-22.el8_10 | 5.3.7-22.el8_10 | Sep 19, 2024 | A vulnerability was found in Performance Co-Pilot (PCP). This flaw allows an attacker to send specially crafted data to the system, which could cause the program to misbehave or crash. | |
| CVE-2024-3019 | Hig | 8.8 | < 6.2.0-2.el9_4 | 6.2.0-2.el9_4 | Mar 28, 2024 | A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running | |
| CVE-2023-6917 | — | < 6.2.0-1.el9 | 6.2.0-1.el9 | Feb 28, 2024 | A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted fu |
- affected < 5.3.7-22.el8_10fixed 5.3.7-22.el8_10
A vulnerability was found in Performance Co-Pilot (PCP). This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain conditions, it runs with hig
- affected < 5.3.7-22.el8_10fixed 5.3.7-22.el8_10
A vulnerability was found in Performance Co-Pilot (PCP). This flaw allows an attacker to send specially crafted data to the system, which could cause the program to misbehave or crash.
- affected < 6.2.0-2.el9_4fixed 6.2.0-2.el9_4
A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running
- CVE-2023-6917Feb 28, 2024affected < 6.2.0-1.el9fixed 6.2.0-1.el9
A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted fu