80 matches found
[SECURITY] Fedora 42 Update: pcs-0.12.2-1.fc42
pcs is a configuration tool for Corosync and Pacemaker. It permits users to easily view, modify and create high availability clusters based on Pacemaker. This package contains the pcs command-line utility and its server pcsd...
EUVD-2015-1953
Malware in sbrugna...
EUVD-2016-0752
Malware in sbrugna...
EUVD-2018-11731
Malware in sbrugna...
EUVD-2016-0751
Malware in sbrugna...
EUVD-2018-11736
Malware in sbrugna...
EUVD-2022-37609
Malicious code in bioql PyPI...
CVE-2022-34657
Improper input validation in firmware for some IntelR PCSD BIOS before version 02.01.0013 may allow a privileged user to potentially enable information disclosure via local access...
SUSE CVE-2015-5189
Race condition in pcsd in PCS 0.9.139 and earlier uses a global variable to validate usernames, which allows remote authenticated users to gain privileges by sending a command that is checked for security after another user is authenticated...
Input validation
Improper input validation in firmware for some IntelR PCSD BIOS before version 02.01.0013 may allow a privileged user to potentially enable information disclosure via local access...
CVE-2022-34657
The CVE-2022-34657 issue affects Intel(R) PCSD BIOS firmware prior to version 02.01.0013. The root cause is improper input validation in the PCSD BIOS firmware, potentially allowing a locally privileged attacker to disclose information. Intel’s advisory lists affected products as Intel PCSD BIOS ...
CVE-2022-34657
Improper input validation in firmware for some IntelR PCSD BIOS before version 02.01.0013 may allow a privileged user to potentially enable information disclosure via local access...
ALBA-2021:1080 pcs bug fix and enhancement update
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Bug Fixes and Enhancements: Pcsd logs to system log by mistake BZ1919318...
pcs bug fix and enhancement update
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Bug Fixes and Enhancements: Pcsd logs to system log by mistake BZ1919318...
NewStart CGSL MAIN 4.05 : pcs Vulnerability (NS-SA-2019-0143)
The remote NewStart CGSL host, running version MAIN 4.05, has pcs packages installed that are affected by a vulnerability: - It was found that the REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A...
NewStart CGSL CORE 5.04 / MAIN 5.04 : pcs Multiple Vulnerabilities (NS-SA-2019-0042)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has pcs packages installed that are affected by multiple vulnerabilities: - Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in...
Arbitrary File Write
pcs is vulnerable to arbitrary file write attacks. An authenticated attacker with write permissions could create or overwrite arbitrary files with arbitrary data outside of the /etc/booth directory, in the context of the pcsd process via malicious REST calls...
Session Fixation
pcsd in pcs is vulnerable to Session Fixation. Failing to validate cookies on the server side when a user is logged out, could potentially allow an attacker to perform session fixation attacks on pcsd in order to impersonate another user...
pcs: Debug parameter removal bypass, allowing information disclosure
It was found that the REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to elevate their privilege...
Amazon Linux 2 : pcs (ALAS-2018-1005)
Debug parameter removal bypass, allowing information disclosure It was found that the REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to...