Cockpit@* Security Vulnerabilities and Issues — Cockpit@* CVE List

Lucene search

AgentejoCockpit*

13 matches found

CVE•added 2020/12/30 1:15 a.m.•146 views

CVE-2020-35846

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function.

9.8CVSS9.4AI score0.93926EPSS

Web

CVE•added 2020/12/30 1:15 a.m.•143 views

CVE-2020-35847

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function.

9.8CVSS9.4AI score0.9391EPSS

Web

CVE•added 2020/12/30 1:15 a.m.•136 views

CVE-2020-35848

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function.

9.8CVSS9.5AI score0.9202EPSS

Web

CVE•added 2023/08/18 7:15 p.m.•128 views

CVE-2023-4422

Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3.

6.8CVSS5AI score0.00128EPSS

CVE•added 2022/08/15 11:21 a.m.•81 views

CVE-2022-2818

Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository cockpit-hq/cockpit prior to 2.2.2.

9.8CVSS9.1AI score0.01424EPSS

CVE•added 2022/08/08 3:15 p.m.•77 views

CVE-2022-2713

Insufficient Session Expiration in GitHub repository cockpit-hq/cockpit prior to 2.2.0.

9.8CVSS9.2AI score0.01039EPSS

CVE•added 2023/08/17 4:15 a.m.•62 views

CVE-2023-4395

Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.4.

8.1CVSS5.5AI score0.0011EPSS

CVE•added 2021/01/08 5:15 p.m.•59 views

CVE-2020-35131

Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in lib/MongoLite/Database.php, as demonstrated by values in JSON data to the /auth/check or /auth/requestreset URI.

9.8CVSS9.7AI score0.83821EPSS

In wild

CVE•added 2023/02/11 2:20 a.m.•55 views

CVE-2023-0780

Improper Restriction of Rendered UI Layers or Frames in GitHub repository cockpit-hq/cockpit prior to 2.3.9-dev.

5.4CVSS4.8AI score0.00173EPSS

CVE•added 2023/08/06 6:15 p.m.•49 views

CVE-2023-4195

PHP Remote File Inclusion in GitHub repository cockpit-hq/cockpit prior to 2.6.3.

9.9CVSS8.8AI score0.01641EPSS

CVE•added 2023/08/06 6:15 p.m.•44 views

CVE-2023-4196

Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3.

8.3CVSS5.5AI score0.00084EPSS

CVE•added 2023/02/09 2:15 p.m.•42 views

CVE-2023-0759

Privilege Chaining in GitHub repository cockpit-hq/cockpit prior to 2.3.8.

8.8CVSS6.8AI score0.0004EPSS

CVE•added 2023/08/14 11:15 a.m.•41 views

CVE-2023-4321

Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.4.3.

8.3CVSS6.2AI score0.00383EPSS