Lucene search
+L

82 matches found

CVE
CVE
added 2015/09/03 2:0 p.m.50 views

CVE-2015-5190

CVE-2015-5190 affects the pcsd web UI in PCS 0.9.139 and earlier, enabling remote authenticated users to execute arbitrary commands via escape characters in a crafted URL. The Red Hat (RHSA-2015:1700) and related advisories confirm a command injection flaw in the pcsd web UI; a separate privilege...

8.5CVSS7.1AI score0.02544EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2015/09/03 2:0 p.m.49 views

CVE-2015-5189

The vulnerability CVE-2015-5189 affects the pcsd component of PCS (pcsd web UI) in PCS versions up to 0.9.139. It is a race condition where a global username-validation variable can be exploited by an authenticated remote user to perform actions with higher privileges after another user is authen...

4.9CVSS6.5AI score0.0098EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2015/09/03 2:0 p.m.31 views

CVE-2015-5190

The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via "escape characters" in a URL...

8.5CVSS7AI score0.02544EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2015/09/01 1:41 p.m.4 views

pcs: Incorrect authorization when using pcs web UI

A race condition was found in the way the pcsd web UI backend performed authorization of user requests. An attacker could use this flaw to send a request that would be evaluated as originating from a different user, potentially allowing the attacker to perform actions with permissions of a more...

4.9CVSS5.7AI score0.0098EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/09/01 1:41 p.m.4 views

pcs: Command injection with root privileges.

A command injection flaw was found in the pcsd web UI. An attacker able to trick a victim that was logged in to the pcsd web UI into visiting a specially crafted URL could use this flaw to execute arbitrary code with root privileges on the server hosting the web UI...

8.5CVSS6.1AI score0.02544EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2015/09/01 12:0 a.m.2 views

PT-2015-6794 · Pcs +2 · Pcs +2

Name of the Vulnerable Software and Affected Versions: PCs versions 0.9.139 and earlier Description: The issue allows remote authenticated users to execute arbitrary commands via "escape characters" in a URL. This is related to the pcsd web UI. Recommendations: For versions 0.9.139 and earlier,...

8.5CVSS7AI score0.02544EPSS
Exploits0References17
BDU FSTEC
BDU FSTEC
added 2015/06/15 12:0 a.m.6 views

The vulnerability of the OpenStack cloud service platform allows a hacker to execute arbitrary commands.

The vulnerability of the OpenStack cloud platform lies in the use of the default password “CHANGEME” for the pcsd daemon. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...

10CVSS5.8AI score0.05216EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2015/05/14 2:0 p.m.60 views

CVE-2015-3983

The PCS vulnerability CVE-2015-3983 is in the PCS daemon (pcsd) where the Set-Cookie header did not include the HttpOnly flag in PCS 0.9.137 and earlier, enabling potential information disclosure via script access to the cookie. The issue is remote and was split from CVE-2015-1848; advisories and...

4.3CVSS5.9AI score0.02097EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2015/05/14 2:0 p.m.74 views

CVE-2015-1848

The CVE-2015-1848 entry concerns the PCS daemon (pcsd) in PCS 0.9.137 and earlier failing to set the Secure flag on cookies in HTTPS sessions (CVE-2015-1848); CVE-2015-3983 covers the related issue of not setting the HttpOnly flag. Multiple open-source advisories (Fedora/CentOS and related feeds)...

6.8CVSS6.2AI score0.02424EPSS
Exploits1References7Affected Software1
Tenable Nessus
Tenable Nessus
added 2015/05/14 12:0 a.m.21 views

Scientific Linux Security Update : pcs on SL7.x x86_64 (20150512)

It was found that the pcs daemon did not sign cookies containing session data that were sent to clients connecting via the pcsd web UI. A remote attacker could use this flaw to forge cookies and bypass authorization checks, possibly gaining elevated privileges in the pcsd web UI. CVE-2015-1848 Th...

6.8CVSS5.4AI score0.02424EPSS
Exploits1References2
Cent OS
Cent OS
added 2015/05/13 12:53 a.m.61 views

pcs, python security update

CentOS Errata and Security Advisory CESA-2015:0980 Updated pcs packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base...

6.8CVSS5.7AI score0.02424EPSS
Exploits1References7
Cent OS
Cent OS
added 2015/05/12 8:48 p.m.59 views

pcs security update

CentOS Errata and Security Advisory CESA-2015:0990 Updated pcs packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base...

6.8CVSS5.8AI score0.02424EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2015/05/12 5:59 p.m.23 views

Important: Red Hat Security Advisory: pcs security and bug fix update

Updated pcs packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

6.8CVSS5.8AI score0.02424EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2015/05/12 3:44 p.m.5 views

pcs: improper web session variable signing

It was found that the pcs daemon did not sign cookies containing session data that were sent to clients connecting via the pcsd web UI. A remote attacker could use this flaw to forge cookies and bypass authorization checks, possibly gaining elevated privileges in the pcsd web UI...

6.8CVSS5.8AI score0.02424EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2015/04/16 1:53 p.m.36 views

Important: Red Hat Security Advisory: openstack-packstack and openstack-puppet-modules update

Updated openstack-packstack and openstack-puppet-modules packages that fix one security issue and adds one enhancement are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security...

10CVSS5.8AI score0.05216EPSS
Exploits0References12
RedHat Linux
RedHat Linux
added 2015/04/16 1:53 p.m.5 views

openstack-puppet-modules: pacemaker configured with default password

It was discovered that the puppet manifests, as provided with the openstack-puppet-modules package, would configure the pcsd daemon with a known default password. If this password was not changed and an attacker was able to gain access to pcsd, they could potentially run shell commands as root...

10CVSS5.8AI score0.05216EPSS
Exploits0References4
CNVD
CNVD
added 2015/04/13 12:0 a.m.68 views

Red Hat openstack-puppet-modules trust management vulnerability

Red Hat openstack-puppet-modules is a Red Hat implementation of Puppet a configuration management tool based on a client/server architecture capable of configuring core OpenStack services. A security vulnerability in the puppet manifests in Red Hat openstack-puppet-modules versions prior to...

10CVSS7.4AI score0.05216EPSS
Exploits0References1
NVD
NVD
added 2015/04/10 3:0 p.m.57 views

CVE-2015-1842

The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors...

10CVSS7.7AI score0.05216EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2015/04/07 3:8 p.m.4 views

openstack-puppet-modules: pacemaker configured with default password

It was discovered that the puppet manifests, as provided with the openstack-puppet-modules package, would configure the pcsd daemon with a known default password. If this password was not changed and an attacker was able to gain access to pcsd, they could potentially run shell commands as root...

10CVSS5.8AI score0.05216EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/04/07 3:8 p.m.35 views

Important: Red Hat Security Advisory: openstack-packstack and openstack-puppet-modules security and bug fix update

Updated openstack-packstack and openstack-puppet-modules packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring...

10CVSS5.9AI score0.05216EPSS
Exploits0References29
Rows per page
Query Builder