8320 matches found
UBUNTU-CVE-2018-1086
pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to...
DEBIAN-CVE-2018-1086
pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to...
CVE-2018-1086
pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to...
CVE-2018-1086
pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to...
CVE-2018-1086
CVE-2018-1086 affects the pcs/pcsd REST interface where the debug argument is not removed from the /run_pcs query, allowing information disclosure and privilege escalation for a remote attacker with a valid token. Affected are pcs before versions 0.9.164 and 0.10 (per multiple advisories). Remedi...
CVE-2018-1086
pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to...
Debian DSA-4169-1 : pcs - security update
Cedric Buissart from Red Hat discovered an information disclosure bug in pcs, a pacemaker command line interface and GUI. The REST interface normally doesn't allow passing --debug parameter to prevent information leak, but the check wasn't sufficient. C Tenable Network Security, Inc. The...
CVE-2017-18071
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, debug policy can potentially be bypassed...
CVE-2017-18140
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD...
CVE-2017-18140
CVE-2017-18140 affects Android on Qualcomm Snapdragon Automotive/Mobile/Wear platforms. The issue occurs when processing a call disconnection; an attempt to print the RIL token-id to the debug log can lead to a Use After Free condition if eMBMS is enabled, potentially enabling a network-initiated...
CVE-2017-18071
CVE-2017-18071 affects Android on Qualcomm Snapdragon/Mobile platforms (including MDM9206, MDM9607, MSM8909W, SD 210/212/205, SD 425/430/450/625/650/52) and is described as allowing a potential bypass of the debug policy prior to the 2018-04-05 patch level. The vulnerability is documented in the ...
RHEL 7 : pcs (RHSA-2018:1060)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:1060 advisory. The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: pcs: Privilege...
WordPress Rating-Widget: Star Review System 2.8.9 Information Disclosure
Details ================ Software: Rating-Widget: Star Review System Version: 2.8.9 Homepage: https://wordpress.org/plugins/rating-widget/ Advisory report: https://advisories.dxw.com/advisories/rating-widget-debug-mode/ CVE: Awaiting assignment CVSS: 5 Medium; AV:N/AC:L/Au:N/C:P/I:N/A:N Descripti...
WordPress Rating-Widget: Star Review System 2.8.9 Information Disclosure Vulnerability
WordPress Rating-Widget: Star Review System plugin version 2.8.9 suffers from an information disclosure vulnerability. Details ================ Software: Rating-Widget: Star Review System Version: 2.8.9 Homepage: https://wordpress.org/plugins/rating-widget/ Advisory report:...
pcs: Debug parameter removal bypass, allowing information disclosure
It was found that the REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to elevate their privilege...
PT-2018-10147 · Pcs +2 · Pcs +2
Name of the Vulnerable Software and Affected Versions: pcs versions prior to 0.9.164 pcs version 0.10 and earlier Description: The issue concerns a debug parameter removal bypass in the pcsd service's REST interface. Specifically, the /run pcs query did not properly remove the pcs debug argument,...
UBUNTU-CVE-2018-9264
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissector could crash with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-adb.c by checking for a length inconsistency...
ALPINE-CVE-2018-9264
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissector could crash with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-adb.c by checking for a length inconsistency...
WAGO 750 Series Denial of Service Vulnerability
The 750-880, 750-881, and 750-852 are Ethernet switches of the WAGO 750 series. A denial-of-service vulnerability exists in the WAGO 750 series, which can be exploited by remote attacks to cause a denial-of-service condition for communication with debug and service tools...
CVE-2017-18071
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, debug policy can potentially be bypassed...