516 matches found
pcs: obtaining an authentication token for hacluster user could lead to privilege escalation
A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the "hacluster" token, this flaw...
CVE-2022-2735
A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the "hacluster" token, this flaw...
Oracle Linux 9 : pcs (ELSA-2022-9753)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9753 advisory. 0.11.1-10.el90.2: Fixed ruby socket permissions (Resolves: rhbz2116839). Tenable has extracted the preceding description block directly from the Oracle Linux...
Ubuntu: Security Advisory (USN-5008-2)
The remote host is missing an update for the...
MGASA-2022-0306 Updated canna packages fix security vulnerability
Move UNIX socket dir from /tmp to /run to avoid local attackers being able to place bogus directories in its stead. CVE-2022-21950...
Updated canna packages fix security vulnerability
Move UNIX socket dir from /tmp to /run to avoid local attackers being able to place bogus directories in its stead. CVE-2022-21950...
OPENSUSE-SU-2022:10091-1 Security update for canna
This update for canna fixes the following issues: - CVE-2022-21950: Move UNIX socket dir from /tmp to /run to avoid local attackers being able to place bogus directories in its stead. Use systemd-tmpfiles for cleaning old sockets boo1199280...
OPENSUSE-SU-2022:10090-1 Security update for canna
This update for canna fixes the following issues: - CVE-2022-21950: move UNIX socket dir from /tmp to /run to avoid local attackers being able to place bogus directories in its stead. Use systemd-tmpfiles for cleaning old sockets boo1199280...
PT-2022-15199 · Canna +2
Name of the Vulnerable Software and Affected Versions: canna versions prior to canna-3.7p3-bp153.2.3.1; canna versions prior to 3.7p3-bp154.3.3.1. Description: An Improper Access Control issue in the systemd service of canna in openSUSE Backports SLE-15-SP3 and openSUSE Backports SLE-15-SP4 allows...
Security update for canna (important)
openSUSE Security Update: Security update for canna. Announcement ID: openSUSE-SU-2022:10091-1; Rating: important; References: 1199280; Cross-References: CVE-2022-21950; CVSS scores: CVE-2022-21950 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N; Affected Products: openSUSE Backports SLE-15-SP4 ...
Security Bulletin: Vulnerability in the Node.js got module affects IBM Event Streams (CVE-2022-33987)
Summary: This security vulnerability affects the Node.js got module that is used by IBM Event Streams. Vulnerability Details: CVEID: CVE-2022-33987. DESCRIPTION: Node.js got module could allow a remote attacker to bypass security restrictions, caused by an unspecified. By sending a specially-crafted...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js
Summary: IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Node.js. Vulnerability Details: CVEID: CVE-2022-33987. DESCRIPTION: Node.js got module could allow a remote attacker to bypass security restrictions, caused by an unspecified. By sending a specially-crafted...
CVE-2022-33987
A flaw was found in the got package for node.js. Requested URLs are not verified and allow open redirection to a local UNIX socket...
Got allows a redirect to a UNIX socket
The got package before 11.8.5 and 12.1.0 for Node.js allows a redirect to a UNIX socket...
GHSA-PFRX-2Q88-QQ97 Got allows a redirect to a UNIX socket
The got package before 11.8.5 and 12.1.0 for Node.js allows a redirect to a UNIX socket...
CVE-2022-33987
The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket...