Filtered by vendor Cockpit-project
Subscribe
Search
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-3804 | 3 Cockpit-project, Fedoraproject, Redhat | 3 Cockpit, Fedora, Virtualization | 2021-10-29 | 5.0 MEDIUM | 7.5 HIGH |
| It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to crash. | |||||
| CVE-2020-35850 | 1 Cockpit-project | 1 Cockpit | 2021-01-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| ** DISPUTED ** An SSRF issue was discovered in cockpit-project.org Cockpit 234. NOTE: this is unrelated to the Agentejo Cockpit product. NOTE: the vendor states "I don't think [it] is a big real-life issue." | |||||