AlmaLinux 8 : pcs (ALSA-2022:6314)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:6314 advisory. - A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons...

SUSE-SU-2022:3477-1 Security update for slurm_20_02

This update for slurm2002 fixes the following issues: - CVE-2022-31251: Fixed a potential security vulnerability in the test package bsc1201674. - CVE-2022-29500: Fixed architectural flaw that could have been exploited to allow an unprivileged user to execute arbitrary processes as root bsc119927...

Moderate: Red Hat Security Advisory: httpd24-httpd security and bug fix update

An update for httpd24-httpd is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

OESA-2022-1961 pcs security update

Security Fixes: A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the "hacluster"...

Design/Logic Flaw

In Keylime before 6.3.0, Revocation Notifier uses a fixed /tmp path for UNIX domain socket which can allow unprivileged users a method to prohibit keylime operations...

nodejs-got: missing verification of requested URLs allows redirects to UNIX sockets

A flaw was found in the got package for node.js. Requested URLs are not verified and allow open redirection to a local UNIX socket...

Privilege Escalation

pcs is vulnerable to privilege escalation. The vulnerability exists because it occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons...

nodejs-got: missing verification of requested URLs allows redirects to UNIX sockets

A flaw was found in the got package for node.js. Requested URLs are not verified and allow open redirection to a local UNIX socket...

Debian DSA-5226-1 : pcs - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5226 advisory. - A flaw was found in the Pacemaker configuration tool pcs. The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using...

[SECURITY] [DSA 5226-1] pcs security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5226-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 06, 2022 https://www.debian.org/security/faq -...

CVE-2022-2735

A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the "hacluster" token, this flaw...

DEBIAN-CVE-2022-2735

A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the "hacluster" token, this flaw...

CVE-2022-2735

A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the "hacluster" token, this flaw...

CVE-2022-2735

A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the "hacluster" token, this flaw...

Privilege escalation

A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the "hacluster" token, this flaw...

CVE-2022-2735

A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the "hacluster" token, this flaw...

UBUNTU-CVE-2022-2735

A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the "hacluster" token, this flaw...

CVE-2022-2735

A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the "hacluster" token, this flaw...

CVE-2022-2735

CVE-2022-2735 affects the PCS project. The root cause is incorrect permissions on the Unix socket used for internal PCS daemon communication, enabling a privilege escalation by obtaining an authentication token for a hacluster user. With that token, an attacker could gain complete control over th...

CVE-2022-2735

A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the "hacluster" token, this flaw...