VYPR

rpm package

suse/cockpit&distro=SUSE Linux Enterprise Micro 5.5

pkg:rpm/suse/cockpit&distro=SUSE%20Linux%20Enterprise%20Micro%205.5

Vulnerabilities (5)

  • CVE-2026-4802HigMay 11, 2026
    affected < 298-150500.3.12.1fixed 298-150500.3.12.1

    A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface (UI). An attacker can inject shell metacharacter

  • CVE-2026-27904Feb 26, 2026
    affected < 298-150500.3.12.1fixed 298-150500.3.12.1

    minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested `*()` extglobs produce regexps with nested unbounded quantifiers (e.g. `(?:(?:a|b)*)*`), wh

  • CVE-2026-27606Feb 25, 2026
    affected < 298-150500.3.12.1fixed 298-150500.3.12.1

    Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler (specifically v4.x and present in current source) is vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine a

  • CVE-2026-25547CriFeb 4, 2026
    affected < 298-150500.3.12.1fixed 298-150500.3.12.1

    @isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated nume

  • CVE-2024-6126LowJul 3, 2024
    affected < 298-150500.3.6.1fixed 298-150500.3.6.1

    A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any process when enabling the pam_env's user_readenv option, which leads to a denial of service (DoS) attack.