15 matches found
Missing Release of Resource after Effective Lifetime
Overview nicegui is a Create web-based user interfaces with Python. The nice way. Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime in the handledisconnect function, when using the Redis backend for tab storage. An attacker can cause service...
CLSA-2025-1764080949 pcp: Fix of CVE-2024-3019
CVE-2024-3019: Fix default pmproxy configuration to restrict access to Redis server backend, preventing remote command execution...
SUSE SLES15 Security Update : pcp (SUSE-SU-2025:03233-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:03233-1 advisory. - CVE-2024-3019: exposure of the redis server backend allows remote command execution via pmproxy bsc1222121. Tenable has extracted the...
Security update for pcp
This update for pcp fixes the following issues: CVE-2024-3019: exposure of the redis server backend allows remote command execution via pmproxy bsc1222121. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
SUSE-SU-2025:03233-1 Security update for pcp
This update for pcp fixes the following issues: - CVE-2024-3019: exposure of the redis server backend allows remote command execution via pmproxy bsc1222121...
pcp: exposure of the redis server backend allows remote command execution via pmproxy
A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be...
pcp: exposure of the redis server backend allows remote command execution via pmproxy
A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be...
pcp: exposure of the redis server backend allows remote command execution via pmproxy
A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be...
pcp: exposure of the redis server backend allows remote command execution via pmproxy
A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be...
OESA-2024-1436 pcp security update
PCP provides a range of services that may be used to monitor and manage system performance. These services are distributed and scalable to accommodate the most complex system configurations and performance problems. Security Fixes: A flaw was found in PCP. The default pmproxy configuration expose...
SUSE CVE-2024-3019
A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be...
DEBIAN-CVE-2024-3019
A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be...
PT-2024-2710 · Cockpit +9 · Cockpit +9
Name of the Vulnerable Software and Affected Versions: Performance Co-Pilot PCP versions 4.3.4 and newer Description: The issue is related to the pmproxy component of the Performance Co-Pilot PCP software, which is used for monitoring and visualizing performance. It involves the exposure of...
Remote code execution
cloudpub-redis is a module for CloudPub: Redis Backend cloudpub-redis downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is...
CVE-2016-10672
cloudpub-redis is a module for CloudPub: Redis Backend cloudpub-redis downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is...