Count: 15
ELSA-2022-2008
ELSA-2022-2008: cockpit security, bug fix, and enhancement update (MODERATE)

CVE-2021-3698
A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the certificate status. The highest threat from this vulnerability is to confidentiality.

CVE-2021-3660
Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an <iFrame> HTML entry. This may be used by a malicious website in clickjacking or similar attacks.

RLSA-2022:2008
Moderate: cockpit security, bug fix, and enhancement update
GHSA-w9ph-5m4x-c49r
A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the certificate status. The highest threat from this vulnerability is to confidentiality.
GHSA-5m9v-2hhc-h2wj
Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an <iFrame> HTML entry. This may be used by a malicious website in clickjacking or similar attacks.

BDU:2021-04029
A vulnerability in the Cockpit server manager related to errors in rendering the user interface or frames, allowing an attacker to inject malicious code
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| ELSA-2022-2008 ELSA-2022-2008: cockpit security, bug fix, and enhancement update (MODERATE) | | | about 3 years ago |
| CVE-2021-3698 A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the certificate status. The highest threat from this vulnerability is to confidentiality. | CVSS3: 7.5 | 0% Low | more than 3 years ago |
| CVE-2021-3698 A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the certificate status. The highest threat from this vulnerability is to confidentiality. | CVSS3: 7.5 | 0% Low | almost 4 years ago |
| CVE-2021-3698 A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the certificate status. The highest threat from this vulnerability is to confidentiality. | CVSS3: 7.5 | 0% Low | more than 3 years ago |
| | CVSS3: 7.5 | 0% Low | more than 3 years ago |
| CVE-2021-3698 A flaw was found in Cockpit in versions prior to 260 in the way it han ... | CVSS3: 7.5 | 0% Low | more than 3 years ago |
| CVE-2021-3660 Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an <iFrame> HTML entry. This may be used by a malicious website in clickjacking or similar attacks. | CVSS3: 4.3 | 0% Low | more than 3 years ago |
| CVE-2021-3660 Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an <iFrame> HTML entry. This may be used by a malicious website in clickjacking or similar attacks. | CVSS3: 4.3 | 0% Low | about 4 years ago |
| CVE-2021-3660 Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an <iFrame> HTML entry. This may be used by a malicious website in clickjacking or similar attacks. | CVSS3: 4.3 | 0% Low | more than 3 years ago |
| | CVSS3: 4.3 | 0% Low | more than 3 years ago |
| CVE-2021-3660 Cockpit (and its plugins) do not seem to protect itself against clickj ... | CVSS3: 4.3 | 0% Low | more than 3 years ago |
| RLSA-2022:2008 Moderate: cockpit security, bug fix, and enhancement update | | 0% Low | about 3 years ago |
| GHSA-w9ph-5m4x-c49r A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the certificate status. The highest threat from this vulnerability is to confidentiality. | CVSS3: 7.5 | 0% Low | more than 3 years ago |
| GHSA-5m9v-2hhc-h2wj Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an <iFrame> HTML entry. This may be used by a malicious website in clickjacking or similar attacks. | CVSS3: 4.3 | 0% Low | more than 3 years ago |
| BDU:2021-04029 A vulnerability in the Cockpit server manager related to errors in rendering the user interface or frames, allowing an attacker to inject malicious code | CVSS3: 4.3 | 0% Low | about 4 years ago |