Lucene search

17 matches found

Tenable Nessus
added 2019/08/12 12:0 a.m., 35 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : pcs Multiple Vulnerabilities (NS-SA-2019-0042)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has pcs packages installed that are affected by multiple vulnerabilities: - Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in...

CVSS 8.7, AI score 6.6, EPSS 0.02489
Exploits: 0, References: 4

Tenable Nessus
added 2019/01/03 12:0 a.m., 38 views

Fedora 28 : pcs (2018-bbfb0f5bc9)

Security fix for CVE-2018-1086 and CVE-2018-1079 Rebased to latest upstream sources Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible witho...

CVSS 8.7, AI score 6.3, EPSS 0.01655
Exploits: 0, References: 3

OpenVAS
added 2018/06/05 12:0 a.m., 32 views

CentOS Update for pcs CESA-2018:1060 centos7

Check the version of pcs SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882895";...

CVSS 8.7, AI score 6.8, EPSS 0.02489
Exploits: 0, References: 2

Tenable Nessus
added 2018/05/31 12:0 a.m., 39 views

CentOS 7 : pcs (CESA-2018:1060)

An update for pcs is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

CVSS 8.7, AI score 6.4, EPSS 0.02489
Exploits: 0, References: 4

Cent OS
added 2018/05/30 6:24 p.m., 109 views

pcs security update

CentOS Errata and Security Advisory CESA-2018:1060 An update for pcs is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

CVSS 8.7, AI score 6.6, EPSS 0.02489
Exploits: 0, References: 7

Tenable Nessus
added 2018/05/01 12:0 a.m., 31 views

Oracle Linux 7 : pcs (ELSA-2018-1060)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-1060 advisory. - Fixed CVE-2018-1086 pcs: Debug parameter removal bypass, allowing information disclosure - Fixed CVE-2018-1079 pcs: Privilege escalation via authoriz...

CVSS 8.7, AI score 6.5, EPSS 0.02489
Exploits: 0, References: 4

Tenable Nessus
added 2018/05/01 12:0 a.m., 46 views

Scientific Linux Security Update : pcs on SL7.x x86_64 (20180410)

Security Fixes : - pcs: Privilege escalation via authorized user malicious REST call CVE-2018-1079 - pcs: Debug parameter removal bypass, allowing information disclosure CVE-2018-1086 - rack-protection: Timing attack in authenticitytoken.rb CVE-2018-1000119 C Tenable Network Security, Inc. The...

CVSS 8.7, AI score 6.3, EPSS 0.02489
Exploits: 0, References: 4

Tenable Nessus
added 2018/04/27 12:0 a.m., 42 views

Amazon Linux 2 : pcs (ALAS-2018-1005)

Debug parameter removal bypass, allowing information disclosure It was found that the REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to...

CVSS 8.7, AI score 6.5, EPSS 0.02489
Exploits: 0, References: 4

Tenable Nessus
added 2018/04/19 12:0 a.m., 27 views

Fedora 27 : pcs (2018-57bbe74c6c)

Security fix for CVE-2018-1086 and CVE-2018-1079 Rebased to latest upstream sources Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible witho...

CVSS 8.7, AI score 6.3, EPSS 0.01655
Exploits: 0, References: 3

OpenVAS
added 2018/04/19 12:0 a.m., 29 views

Fedora Update for pcs FEDORA-2018-57bbe74c6c

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.7, AI score 7, EPSS 0.01655
Exploits: 0, References: 2

UbuntuCve
added 2018/04/12 5:29 p.m., 29 views

CVE-2018-1079

pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/put_file query. If the /etc/booth directory exists, an authenticated attacker with...

CVSS 8.7, AI score 7, EPSS 0.01101
Exploits: 0, References: 2

NVD
added 2018/04/12 5:29 p.m., 21 views

CVE-2018-1079

pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/put_file query. If the /etc/booth directory exists, an authenticated attacker with...

CVSS 8.7, AI score 8.6, EPSS 0.01101
Exploits: 0, References: 2

OSV
added 2018/04/12 5:29 p.m., 20 views

CVE-2018-1079

pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/put_file query. If the /etc/booth directory exists, an authenticated attacker with...

CVSS 6.5, AI score 6.8, EPSS 0.01101
Exploits: 0, References: 2

CVE
added 2018/04/12 5:0 p.m., 76 views

CVE-2018-1079

CVE-2018-1079 affects the pcsd REST interface. An authenticated user with write permissions can exploit an improper file-name sanitization in /remote/put_file to create or overwrite arbitrary files outside of /etc/booth, gaining privilege escalation in the pcsd process. Affected: pcs before 0.9.1...

CVSS 8.7, AI score 6.8, EPSS 0.01101
Exploits: 0, References: 2, Affected Software: 1

Debian CVE
added 2018/04/12 5:0 p.m., 26 views

CVE-2018-1079

pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/put_file query. If the /etc/booth directory exists, an authenticated attacker with...

CVSS 8.7, AI score 7.6, EPSS 0.01101
Exploits: 0

RedHat Linux
added 2018/04/10 8:23 p.m., 43 views

Important: Red Hat Security Advisory: pcs security update

An update for pcs is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

CVSS 8.7, AI score 6.6, EPSS 0.02489
Exploits: 0, References: 4

RedhatCVE
added 2018/04/09 11:49 a.m., 27 views

CVE-2018-1079

It was found that the REST interface of the pcsd service did not properly sanitize the file name from the /remote/put_file query. If the /etc/booth directory exists, an authenticated attacker with write permissions could create or overwrite arbitrary files with arbitrary data outside of the...

CVSS 8.7, AI score 3.1, EPSS 0.01101
Exploits: 0, References: 1