
8302 matches found

Cvelist
added 2018/04/12 9:0 p.m. · 11 views

CVE-2014-9563

CRLF injection vulnerability in the web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allows remote authenticated users to modify the root password and consequently access the debug port using the serial interface via th...

5.1 AI score · 0.0017 EPSS
Exploits: 0 · References: 2

UbuntuCve
added 2018/04/12 4:29 p.m. · 23 views

CVE-2018-1086

pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to...

7.5 CVSS · 6.8 AI score · 0.002 EPSS
Exploits: 0 · References: 3

OSV
added 2018/04/12 4:29 p.m. · 1 view

UBUNTU-CVE-2018-1086

pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to...

7.5 CVSS · 7.2 AI score · 0.002 EPSS
Exploits: 0 · References: 4

OSV
added 2018/04/12 4:29 p.m. · 25 views

CVE-2018-1086

pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to...

7.5 CVSS · 7.7 AI score · 0.002 EPSS
Exploits: 0 · References: 4

OSV
added 2018/04/12 4:29 p.m. · 1 view

DEBIAN-CVE-2018-1086

pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to...

7.5 CVSS · 7 AI score · 0.002 EPSS
Exploits: 0 · References: 1

Debian CVE
added 2018/04/12 4:0 p.m. · 28 views

CVE-2018-1086

pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to...

7.5 CVSS · 6 AI score · 0.002 EPSS
Exploits: 0

CVE
added 2018/04/12 4:0 p.m. · 97 views

CVE-2018-1086

CVE-2018-1086 affects the pcs/pcsd REST interface where the debug argument is not removed from the /run_pcs query, allowing information disclosure and privilege escalation for a remote attacker with a valid token. Affected are pcs before versions 0.9.164 and 0.10 (per multiple advisories). Remedi...

7.5 CVSS · 7.2 AI score · 0.002 EPSS
Exploits: 0 · References: 4 · Affected Software: 1

Cvelist
added 2018/04/12 4:0 p.m. · 28 views

CVE-2018-1086

pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to...

4.3 CVSS · 7.5 AI score · 0.002 EPSS
Exploits: 0 · References: 4

Tenable Nessus
added 2018/04/12 12:0 a.m. · 32 views

Debian DSA-4169-1 : pcs - security update

Cedric Buissart from Red Hat discovered an information disclosure bug in pcs, a pacemaker command line interface and GUI. The REST interface normally doesn't allow passing --debug parameter to prevent information leak, but the check wasn't sufficient. C Tenable Network Security, Inc. The...

7.5 CVSS · 6.3 AI score · 0.002 EPSS
Exploits: 0 · References: 5

NVD
added 2018/04/11 3:29 p.m. · 13 views

CVE-2017-18071

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, debug policy can potentially be bypassed...

10 CVSS · 8.6 AI score · 0.00257 EPSS
Exploits: 0 · References: 2

Cvelist
added 2018/04/11 3:0 p.m. · 22 views

CVE-2017-18140

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD...

9.6 AI score · 0.00242 EPSS
Exploits: 0 · References: 2

CVE
added 2018/04/11 3:0 p.m. · 50 views

CVE-2017-18140

CVE-2017-18140 affects Android on Qualcomm Snapdragon Automotive/Mobile/Wear platforms. The issue occurs when processing a call disconnection; an attempt to print the RIL token-id to the debug log can lead to a Use After Free condition if eMBMS is enabled, potentially enabling a network-initiated...

10 CVSS · 8.4 AI score · 0.00242 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

CVE
added 2018/04/11 3:0 p.m. · 49 views

CVE-2017-18071

CVE-2017-18071 affects Android on Qualcomm Snapdragon/Mobile platforms (including MDM9206, MDM9607, MSM8909W, SD 210/212/205, SD 425/430/450/625/650/52) and is described as allowing a potential bypass of the debug policy prior to the 2018-04-05 patch level. The vulnerability is documented in the ...

10 CVSS · 9 AI score · 0.00257 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

Tenable Nessus
added 2018/04/11 12:0 a.m. · 38 views

RHEL 7 : pcs (RHSA-2018:1060)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:1060 advisory. The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: pcs: Privilege...

8.7 CVSS · 6.6 AI score · 0.00408 EPSS
Exploits: 0 · References: 8

Packet Storm
added 2018/04/11 12:0 a.m. · 43 views

WordPress Rating-Widget: Star Review System 2.8.9 Information Disclosure

Details ================ Software: Rating-Widget: Star Review System Version: 2.8.9 Homepage: https://wordpress.org/plugins/rating-widget/ Advisory report: https://advisories.dxw.com/advisories/rating-widget-debug-mode/ CVE: Awaiting assignment CVSS: 5 Medium; AV:N/AC:L/Au:N/C:P/I:N/A:N Descripti...

0.1 AI score
Exploits: 0

0day.today
added 2018/04/11 12:0 a.m. · 39 views

WordPress Rating-Widget: Star Review System 2.8.9 Information Disclosure Vulnerability

WordPress Rating-Widget: Star Review System plugin version 2.8.9 suffers from an information disclosure vulnerability. Details ================ Software: Rating-Widget: Star Review System Version: 2.8.9 Homepage: https://wordpress.org/plugins/rating-widget/ Advisory report:...

7 AI score
Exploits: 0

RedHat Linux
added 2018/04/10 8:23 p.m. · 3 views

pcs: Debug parameter removal bypass, allowing information disclosure

It was found that the REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to elevate their privilege...

7.5 CVSS · 5.8 AI score · 0.002 EPSS
Exploits: 0 · References: 4

Positive Technologies
added 2018/04/09 12:0 a.m. · 2 views

PT-2018-10147 · Pcs +2

Name of the Vulnerable Software and Affected Versions: pcs versions prior to 0.9.164 pcs version 0.10 and earlier Description: The issue concerns a debug parameter removal bypass in the pcsd service's REST interface. Specifically, the /run_pcs query did not properly remove the pcs debug argument,...

8.8 CVSS · 7.1 AI score · 0.01038 EPSS
Exploits: 2 · References: 48

OSV
added 2018/04/04 7:29 a.m. · 0 views

UBUNTU-CVE-2018-9264

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissector could crash with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-adb.c by checking for a length inconsistency...

7.5 CVSS · 7.1 AI score · 0.00702 EPSS
Exploits: 1 · References: 5

OSV
added 2018/04/04 7:29 a.m. · 1 view

ALPINE-CVE-2018-9264

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissector could crash with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-adb.c by checking for a length inconsistency...

7.5 CVSS · 7.1 AI score · 0.00702 EPSS
Exploits: 1 · References: 1