Lucene search
K

6 matches found

CVE
CVE
•added 2023/05/17 12:0 a.m.•129 views

CVE-2023-2319

CVE-2023-28154 (Webpack ImportParserPlugin.js mishandling) is confirmed across multiple IBM and Red Hat related advisories in connected documents. The vulnerability could allow a remote attacker to bypass security restrictions or access the real global object. Concrete affected contexts include I...

9.8CVSS9.2AI score0.00974EPSS
CVE
CVE
•added 2022/09/06 5:18 p.m.•112 views

CVE-2022-2735

CVE-2022-2735 affects the PCS project. The root cause is incorrect permissions on the Unix socket used for internal PCS daemon communication, enabling a privilege escalation by obtaining an authentication token for a hacluster user. With that token, an attacker could gain complete control over th...

7.8CVSS7.7AI score0.00299EPSS
CVE
CVE
•added 2017/04/21 3:0 p.m.•108 views

CVE-2016-0720

CVE-2016-0720 is a CSRF flaw in the pcsd web UI of the ClusterLabs pcs before 0.9.149. The vulnerability allows remote attackers to trigger state-changing requests via the web interface. Affected component: pcsd web UI (pcs before 0.9.149). Documented impact is implied by CSRF risk; explicit expl...

8.8CVSS8.6AI score0.01412EPSS
CVE
CVE
•added 2022/03/25 6:3 p.m.•104 views

CVE-2022-1049

CVE-2022-1049 concerns the Pacemaker configuration tool (pcs) where the daemon allowed expired accounts and accounts with expired passwords to authenticate via PAM, enabling login for unprivileged expired accounts. Connected advisories/plugins reference affected packages across multiple distribut...

8.8CVSS8.4AI score0.01825EPSS
CVE
CVE
•added 2017/04/21 3:0 p.m.•102 views

CVE-2016-0721

CVE-2016-0721 describes a session fixation vulnerability in pcsd (part of the PCS/Corosync-Pacemaker tooling) affecting pcs before 0.9.157. The issue arises from how sessions are managed, potentially allowing an attacker to hijack an authenticated session. Affected product: pcs/pcsd components pr...

8.1CVSS8.1AI score0.02294EPSS
CVE
CVE
•added 2018/03/12 3:0 p.m.•66 views

CVE-2017-2661

CVE-2017-2661 affects ClusterLabs pcs before version 0.9.157, which is vulnerable to a cross-site scripting (XSS) vulnerability caused by improper validation of the Node name field when creating a new cluster or adding an existing cluster. This is supported by multiple connected sources noting XS...

6.1CVSS5.8AI score0.01218EPSS