Lucene search
+L

82 matches found

Tenable Nessus
Tenable Nessus
added 2018/04/27 12:0 a.m.42 views

Amazon Linux 2 : pcs (ALAS-2018-1005)

Debug parameter removal bypass, allowing information disclosure It was found that the REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to...

8.7CVSS6.5AI score0.0245EPSS
Exploits0References4
Prion
Prion
added 2018/04/12 5:29 p.m.22 views

Privilege escalation

pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/putfile query. If the /etc/booth directory exists, an authenticated attacker with...

4CVSS6.7AI score0.01101EPSS
Exploits0References2Affected Software2
UbuntuCve
UbuntuCve
added 2018/04/12 5:29 p.m.31 views

CVE-2018-1079

pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/putfile query. If the /etc/booth directory exists, an authenticated attacker with...

8.7CVSS7AI score0.01101EPSS
Exploits0References2
OSV
OSV
added 2018/04/12 5:29 p.m.2 views

DEBIAN-CVE-2018-1079

pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/putfile query. If the /etc/booth directory exists, an authenticated attacker with...

6.5CVSS7.1AI score0.01101EPSS
Exploits0References1
OSV
OSV
added 2018/04/12 5:29 p.m.4 views

UBUNTU-CVE-2018-1079

pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/putfile query. If the /etc/booth directory exists, an authenticated attacker with...

8.7CVSS7AI score0.01101EPSS
Exploits0References3
OSV
OSV
added 2018/04/12 5:29 p.m.22 views

CVE-2018-1079

pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/putfile query. If the /etc/booth directory exists, an authenticated attacker with...

6.5CVSS6.8AI score0.01101EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/04/12 5:0 p.m.31 views

CVE-2018-1079

pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/putfile query. If the /etc/booth directory exists, an authenticated attacker with...

8.7CVSS7.6AI score0.01101EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2018/04/12 5:0 p.m.46 views

CVE-2018-1079

pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/putfile query. If the /etc/booth directory exists, an authenticated attacker with...

8.7CVSS7.6AI score0.01101EPSS
Exploits0
Prion
Prion
added 2018/04/12 4:29 p.m.28 views

Privilege escalation

pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to...

5CVSS7.3AI score0.01655EPSS
Exploits0References4Affected Software3
OSV
OSV
added 2018/04/12 4:29 p.m.4 views

UBUNTU-CVE-2018-1086

pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to...

7.5CVSS7.2AI score0.01655EPSS
Exploits0References4
OSV
OSV
added 2018/04/12 4:29 p.m.2 views

DEBIAN-CVE-2018-1086

pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to...

7.5CVSS7AI score0.01655EPSS
Exploits0References1
CVE
CVE
added 2018/04/12 4:0 p.m.102 views

CVE-2018-1086

CVE-2018-1086 affects the pcs/pcsd REST interface where the debug argument is not removed from the /run_pcs query, allowing information disclosure and privilege escalation for a remote attacker with a valid token. Affected are pcs before versions 0.9.164 and 0.10 (per multiple advisories). Remedi...

7.5CVSS7.2AI score0.01655EPSS
Exploits0References4Affected Software1
RedHat Linux
RedHat Linux
added 2018/04/10 8:23 p.m.6 views

pcs: Privilege escalation via authorized user malicious REST call

It was found that the REST interface of the pcsd service did not properly sanitize the file name from the /remote/putfile query. If the /etc/booth directory exists, an authenticated attacker with write permissions could create or overwrite arbitrary files with arbitrary data outside of the...

8.7CVSS5.8AI score0.01101EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2018/04/09 11:49 a.m.29 views

CVE-2018-1079

It was found that the REST interface of the pcsd service did not properly sanitize the file name from the /remote/putfile query. If the /etc/booth directory exists, an authenticated attacker with write permissions could create or overwrite arbitrary files with arbitrary data outside of the...

8.7CVSS3.1AI score0.01101EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2018/04/09 11:48 a.m.38 views

CVE-2018-1086

It was found that the REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to elevate their privilege...

7.5CVSS3.5AI score0.01655EPSS
Exploits0References1
Prion
Prion
added 2017/04/21 3:59 p.m.30 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in pcsd web UI in pcs before 0.9.149...

6.8CVSS7.1AI score0.01412EPSS
Exploits0References6Affected Software3
UbuntuCve
UbuntuCve
added 2017/04/21 3:59 p.m.29 views

CVE-2016-0721

Session fixation vulnerability in pcsd in pcs before 0.9.157...

8.1CVSS7.1AI score0.02294EPSS
Exploits0References4
Prion
Prion
added 2017/04/21 3:59 p.m.21 views

Session fixation

Session fixation vulnerability in pcsd in pcs before 0.9.157...

4.3CVSS6.9AI score0.02294EPSS
Exploits0References8Affected Software3
NVD
NVD
added 2017/04/21 3:59 p.m.24 views

CVE-2016-0720

Cross-site request forgery CSRF vulnerability in pcsd web UI in pcs before 0.9.149...

8.8CVSS8.8AI score0.01412EPSS
Exploits0References6
NVD
NVD
added 2017/04/21 3:59 p.m.19 views

CVE-2016-0721

Session fixation vulnerability in pcsd in pcs before 0.9.157...

8.1CVSS8.1AI score0.02294EPSS
Exploits0References8
Rows per page
Query Builder