VYPR

rpm package

opensuse/cockpit&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/cockpit&distro=openSUSE%20Tumbleweed

Vulnerabilities (5)

  • CVE-2026-4802 | High | May 11, 2026
    affected < 361-1.1 | fixed 361-1.1

    A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface (UI). An attacker can inject shell metacharacter

  • CVE-2026-4631 | Critical | Apr 7, 2026
    affected < 360-1.1 | fixed 360-1.1

    Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects m

  • CVE-2026-25547 | Critical | Feb 4, 2026
    affected < 356-2.1 | fixed 356-2.1

    @isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated nume

  • CVE-2025-13465 | Medium | Jan 21, 2026
    affected < 354-3.1 | fixed 354-3.1

    Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwritin

  • CVE-2024-6126 | Low | Jul 3, 2024
    affected < 320-1.1 | fixed 320-1.1

    A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any process when enabling the pam_env's user_readenv option, which leads to a denial of service (DoS) attack.