MiracleLinux 9 : cockpit-311.2-1.el9_4.ML.1 (AXSA:2024-8451:13)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8451:13 advisory. cockpit: command injection when deleting a sosreport with a crafted name (CVE-2024-2947). CVE-2024-2947: A flaw was found in Cockpit. Deleting a sosreport with a...
MiracleLinux 8 : cockpit-310.4-1.el8_10.ML.1 (AXSA:2024-8473:14)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8473:14 advisory. cockpit: command injection when deleting a sosreport with a crafted name (CVE-2024-2947). Tenable has extracted the preceding description block directly from th...
MiracleLinux 7 : sos-3.2-35.3.0.1.el7.AXS7 (AXSA:2016-110:01)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2016-110:01 advisory. Sos is a set of tools that gathers information about system hardware and configuration. The information can then be used for diagnostic purposes and debugging...
abrt security update
2.10.9-25.0.1 - Replaces sosreport to sos report in sosreport-event.conf Orabug: 38590929 - abrt-dump-oops-Fix-vmcore-call-trace-parsing-arm Orabug: 34184473 - Disable autoreporting on Oracle Linux Orabug: 32890748 - Add orabug32082455-Upstreamreferenceinpython3-abrt-addon.patch Orabug: 32082455 ...
CLSA-2025-1764085222 cockpit: Fix of CVE-2024-2947
CVE-2024-2947: fix command injection vulnerability by sanitizing sosreport names during deletion...
EUVD-2012-2647
Malware in sbrugna...
EUVD-2015-1976
Malware in sbrugna...
EUVD-2017-0131
Malware in sbrugna...
EUVD-2017-0130
Malware in sbrugna...
EUVD-2014-3862
Malware in sbrugna...
EUVD-2011-4034
Malware in sbrugna...
EUVD-2024-27889
Malicious code in bioql PyPI...
Advisory ROSA-SA-2025-3009
software: sos 4.10.0 WASP: ROSA-CHROME unaffected versions = sos-4.10.0-1 affected versions sos-4.10.0-1 CVE-ID: CVE-2022-2806 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Vulnerability: ovirt-log-collector/sosreport collects RHV admin password in plaintext. CVE-STATUS: The vulnerability has been...
Linux Distros Unpatched Vulnerability : CVE-2014-0246
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SOSreport stores the md5 hash of the GRUB bootloader password in an archive, which allows local users to obtain sensitive information by reading the archive...
Linux Distros Unpatched Vulnerability : CVE-2015-7529
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a...
cockpit: command injection when deleting a sosreport with a crafted name
A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer...
cockpit security update
311.2-1.0.1 - Replaced upstream urls in documentation with oracle links Orabug: 36528753 - Drop subscription-manager-cockpit requirement for ol Orabug: 34681110 - Remove duplicate reference to server in cockpit Orabug: 34030494 - Update documentation links Orabug: 30271413, Orabug: 32013095,...
cockpit: command injection when deleting a sosreport with a crafted name
A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer...
cockpit security update
310.4-1.0.1 - Update documentation links Orabug: 34706402 - Drop subscription-manager-cockpit requirement for ol Orabug: 34681110 - Remove duplicate reference to server in cockpit Orabug: 33862832 - Update documentation links Orabug: 32795691 - Make documentation links point to Oracle Linux...
SUSE CVE-2024-2947
A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer...