Cockpit
by Agentejo
CVEs (25)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-5159 | | | 0.00 | — | 0.02 | | Mar 10, 2020 | An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software v1.6.0.7. A specially crafted firmware update file can allow an attacker to write arbitrary files to arbitrary locations on WAGO controllers… |
| CVE-2019-3804 | | | 0.00 | — | 0.05 | | Mar 26, 2019 | It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to… |
| CVE-2018-15540 | | | 0.00 | — | 0.02 | | Oct 15, 2018 | Agentejo Cockpit performs actions on files without appropriate validation and therefore allows an attacker to traverse the file system to unintended locations and/or access arbitrary files, aka /media/api Directory Traversal. |
| CVE-2018-15539 | | | 0.00 | — | 0.01 | | Oct 15, 2018 | Agentejo Cockpit lacks an anti-CSRF protection mechanism. Thus, an attacker is able to change API tokens, passwords, etc. |
| CVE-2018-15538 | | | 0.00 | — | 0.01 | | Oct 15, 2018 | Agentejo Cockpit has multiple Cross-Site Scripting vulnerabilities. |
Page 2 of 2