rpm package
suse/pcp&distro=SUSE Linux Enterprise Software Development Kit 12 SP5
pkg:rpm/suse/pcp&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-45770 | Med | 4.4 | < 6.2.0-6.29.2 | 6.2.0-6.29.2 | Sep 19, 2024 | A vulnerability was found in Performance Co-Pilot (PCP). This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain conditions, it runs with hig | |
| CVE-2024-45769 | Med | 5.5 | < 6.2.0-6.29.2 | 6.2.0-6.29.2 | Sep 19, 2024 | A vulnerability was found in Performance Co-Pilot (PCP). This flaw allows an attacker to send specially crafted data to the system, which could cause the program to misbehave or crash. | |
| CVE-2024-3019 | Hig | 8.8 | < 6.2.0-6.29.2 | 6.2.0-6.29.2 | Mar 28, 2024 | A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running | |
| CVE-2023-6917 | — | < 6.2.0-6.29.2 | 6.2.0-6.29.2 | Feb 28, 2024 | A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted fu | ||
| CVE-2020-8025 | — | < 3.11.9-6.17.1 | 3.11.9-6.17.1 | Aug 7, 2020 | A Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed sets the permissions for some of the | ||
| CVE-2019-3696 | — | < 3.11.9-6.14.1 | 3.11.9-6.14.1 | Mar 3, 2020 | A Improper Limitation of a Pathname to a Restricted Directory vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE | ||
| CVE-2019-3695 | — | < 3.11.9-6.14.1 | 3.11.9-6.14.1 | Mar 3, 2020 | A Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Modu |
- affected < 6.2.0-6.29.2fixed 6.2.0-6.29.2
A vulnerability was found in Performance Co-Pilot (PCP). This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain conditions, it runs with hig
- affected < 6.2.0-6.29.2fixed 6.2.0-6.29.2
A vulnerability was found in Performance Co-Pilot (PCP). This flaw allows an attacker to send specially crafted data to the system, which could cause the program to misbehave or crash.
- affected < 6.2.0-6.29.2fixed 6.2.0-6.29.2
A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running
- CVE-2023-6917Feb 28, 2024affected < 6.2.0-6.29.2fixed 6.2.0-6.29.2
A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted fu
- CVE-2020-8025Aug 7, 2020affected < 3.11.9-6.17.1fixed 3.11.9-6.17.1
A Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed sets the permissions for some of the
- CVE-2019-3696Mar 3, 2020affected < 3.11.9-6.14.1fixed 3.11.9-6.14.1
A Improper Limitation of a Pathname to a Restricted Directory vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE
- CVE-2019-3695Mar 3, 2020affected < 3.11.9-6.14.1fixed 3.11.9-6.14.1
A Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Modu