[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

255116

 
 

909

 
 

198683

 
 

282

Paid content will be excluded from the download.


Download | Alert*


oval:org.secpod.oval:def:603360
pcs is installed

oval:org.secpod.oval:def:204273
The pcs package provides a configuration tool for Corosync and Pacemaker. It permits users to easily view, modify and create Pacemaker based clusters. The pcs package includes Rack, which provides a minimal interface between webservers that support Ruby and Ruby frameworks. A flaw was found in a way ...

oval:org.secpod.oval:def:203621
pcs is installed

oval:org.secpod.oval:def:204823
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fix: * pcs: Privilege escalation via authorized user malicious REST call * pcs: Debug parameter removal bypass, allowing information disclosure * rack-protection: Timing attack in authen ...

oval:org.secpod.oval:def:110251
pcs is a corosync and pacemaker configuration tool. It permits users to easily view, modify and created pacemaker based clusters.

oval:org.secpod.oval:def:204142
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. The following packages have been upgraded to a newer upstream version: pcs . Security Fix: * A Cross-Site Request Forgery flaw was found in the pcsd web UI. A remote attacker could provide a spec ...

oval:org.secpod.oval:def:110253
pcs is a corosync and pacemaker configuration tool. It permits users to easily view, modify and created pacemaker based clusters.

oval:org.secpod.oval:def:203725
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. A command injection flaw was found in the pcsd web UI. An attacker able to trick a victim that was logged in to the pcsd web UI into visiting a specially crafted URL could use this flaw to execute ...

oval:org.secpod.oval:def:1506456
[0.10.14-5.0.1] - Replace HAM-logo.png with a generic one [0.10.14-5.el8_7.2] - Updated bundled rubygems: mustermann, rack, rack_protection, sinatra, tilt - Added license for rubygem ruby2_keywords - Resolves: rhbz#2159424

oval:org.secpod.oval:def:1506455
[0.11.3-4.el9_1.2] - Updated bundled rubygems: mustermann, rack, rack_protection, sinatra, tilt - Added license for rubygem ruby2_keywords - Resolves: rhbz#2159426

oval:org.secpod.oval:def:2500946
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

oval:org.secpod.oval:def:4501178
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fix: * sinatra: Reflected File Download attack For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the ...

oval:org.secpod.oval:def:1502193
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1700028
Debug parameter removal bypass, allowing information disclosureIt was found that the REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to eleva ...

oval:org.secpod.oval:def:203721
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. A command injection flaw was found in the pcsd web UI. An attacker able to trick a victim that was logged in to the pcsd web UI into visiting a specially crafted URL could use this flaw to execute ...

oval:org.secpod.oval:def:109525
pcs is a corosync and pacemaker configuration tool. It permits users to easily view, modify and created pacemaker based clusters.

oval:org.secpod.oval:def:109520
pcs is a corosync and pacemaker configuration tool. It permits users to easily view, modify and created pacemaker based clusters.

oval:org.secpod.oval:def:114288
pcs is a corosync and pacemaker configuration tool. It permits users to easily view, modify and create pacemaker based clusters.

oval:org.secpod.oval:def:204847
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fix: * pcs: Debug parameter removal bypass, allowing information disclosure For more details about the security issue, including the impact, a CVSS score, and other related information, r ...

oval:org.secpod.oval:def:603358
Cedric Buissart from Red Hat discovered an information disclosure bug in pcs, a pacemaker command line interface and GUI. The REST interface normally doesn"t allow passing --debug parameter to prevent information leak, but the check wasn"t sufficient.

oval:org.secpod.oval:def:53301
Cedric Buissart from Red Hat discovered an information disclosure bug in pcs, a pacemaker command line interface and GUI. The REST interface normally doesn"t allow passing --debug parameter to prevent information leak, but the check wasn"t sufficient.

oval:org.secpod.oval:def:114290
pcs is a corosync and pacemaker configuration tool. It permits users to easily view, modify and create pacemaker based clusters.

oval:org.secpod.oval:def:109130
pcs is a corosync and pacemaker configuration tool. It permits users to easily view, modify and created pacemaker based clusters.

oval:org.secpod.oval:def:109114
pcs is a corosync and pacemaker configuration tool. It permits users to easily view, modify and created pacemaker based clusters.

oval:org.secpod.oval:def:109142
pcs is a corosync and pacemaker configuration tool. It permits users to easily view, modify and created pacemaker based clusters.

oval:org.secpod.oval:def:125338
pcs is a corosync and pacemaker configuration tool. It permits users to easily view, modify and create pacemaker based clusters.

oval:org.secpod.oval:def:125334
pcs is a corosync and pacemaker configuration tool. It permits users to easily view, modify and create pacemaker based clusters.

oval:org.secpod.oval:def:125499
pcs is a corosync and pacemaker configuration tool. It permits users to easily view, modify and create pacemaker based clusters.

oval:org.secpod.oval:def:2600013
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

oval:org.secpod.oval:def:1505743
[0.10.12-6.0.1.el8_6.1] - Replace HAM-logo.png with a generic one [0.10.12-6.el8_6.1] - Updated bundled rubygems: sinatra, rack-protection - Resolves: rhbz#2081331

oval:org.secpod.oval:def:2600376
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

oval:org.secpod.oval:def:125881
pcs is a corosync and pacemaker configuration tool. It permits users to easily view, modify and create pacemaker based clusters.

oval:org.secpod.oval:def:125885
pcs is a corosync and pacemaker configuration tool. It permits users to easily view, modify and create pacemaker based clusters.

oval:org.secpod.oval:def:112229
pcs is a corosync and pacemaker configuration tool. It permits users to easily view, modify and create pacemaker based clusters.

oval:org.secpod.oval:def:112225
pcs is a corosync and pacemaker configuration tool. It permits users to easily view, modify and create pacemaker based clusters.

oval:org.secpod.oval:def:1900327
ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site scripting vulnerability due to improper validation of Node name field when creating new cluster or adding existing cluster.

oval:org.secpod.oval:def:1701287
The Ruby on Rails advisory describes this vulnerability as follows:Carefully crafted input can cause header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse headers using Rack are impacted

oval:org.secpod.oval:def:87131
[0.11.3-4] - Fixed ruby socket permissions - Resolves: rhbz#2116841 [0.11.3-3] - Fixed booth ticket mode value case insensitive - Fixed booth sync check whether /etc/booth exists - Resolves: rhbz#2026725 rhbz#2058243 [0.11.3-2] - Fixed "pcs resource restart" traceback - Resolves: rhbz#2102663 [0.11. ...

oval:org.secpod.oval:def:2600050
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

oval:org.secpod.oval:def:85667
Two security issues were discovered in pcs, a corosync and pacemaker configuration tool: CVE-2022-1049 It was discovered that expired accounts were still able to login via PAM. CVE-2022-2735 Ondrej Mular discovered that incorrect permissions on a Unix socket setup for internal communication could re ...

oval:org.secpod.oval:def:1506236
[0.10.14-5.0.1] - Replace HAM-logo.png with a generic one [0.10.14-5] - Fixed ruby socket permissions - Resolves: rhbz#2116838 [0.10.14-4] - Fixed enable sbd from webui - Resolves: rhbz#2117650 [0.10.14-3] - Fixed pcs quorum device remove - Resolves: rhbz#2115326 [0.10.14-2] - Fixed booth ticket mod ...

oval:org.secpod.oval:def:2500794
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

oval:org.secpod.oval:def:2500871
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

oval:org.secpod.oval:def:5800112
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fix: * pcs: improper authentication via PAM For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE ...

oval:org.secpod.oval:def:5800116
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fix: * pcs: obtaining an authentication token for hacluster user could lead to privilege escalation For more details about the security issue, including the impact, a CVSS score, acknowle ...

oval:org.secpod.oval:def:610113
Two security issues were discovered in pcs, a corosync and pacemaker configuration tool: CVE-2022-1049 It was discovered that expired accounts were still able to login via PAM. CVE-2022-2735 Ondrej Mular discovered that incorrect permissions on a Unix socket setup for internal communication could re ...

oval:org.secpod.oval:def:1506015
[0.11.1-10.el9_0.2] - Fixed ruby socket permissions - Resolves: rhbz#2116839

oval:org.secpod.oval:def:4500071
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby . For more details about the security issue, including the impact, a CVS ...

oval:org.secpod.oval:def:4500081
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby . For more details about the security issue, including the impact, a CVS ...

oval:org.secpod.oval:def:1701082
A denial of service flaw was found in ruby-rack. An attacker crafting multipart POST requests can cause Rack's multipart parser to take much longer than expected, leading to a denial of service. A flaw was found in ruby gem-rack. This flaw allows a malicious actor to craft requests that can cause sh ...

oval:org.secpod.oval:def:5800170
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fix: * pcs: webpack: Regression of CVE-2023-28154 fixes in the Rocky Linux * rubygem-rack: Denial of service in Multipart MIME parsing * rubygem-rack: denial of service in header parsing ...

oval:org.secpod.oval:def:1506778
[0.10.15-4.0.1.el8_8.1] - Replace HAM-logo.png with a generic one [0.10.15-4.el8_8.1] - Fix displaying differences between configuration checkpoints in pcs config checkpoint diff command - Fix pcs stonith update-scsi-devices command which was broken since Pacemaker-2.1.5-rc1 - Updated bundled rubyge ...

oval:org.secpod.oval:def:1505291
[0.10.10-4.0.1] - Replace HAM-logo.png with a generic one [0.10.10-4] - Fixed unfencing in - Resolves: rhbz#bz1991654 [0.10.10-3] - Added add/remove syntax for command - Resolves: rhbz#1992668 [0.10.10-2] - Fixed create resources with depth operation attribute - Resolves: rhbz#1998454 [0.10.10-1] - ...

oval:org.secpod.oval:def:4501230
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. The following packages have been upgraded to a later upstream version: pcs . Security Fix: * jquery: Cross-site scripting via HTML tags containing whitespaces * jquery: Untrusted code execution ...

oval:org.secpod.oval:def:2500380
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

oval:org.secpod.oval:def:2501441
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

*CPE
cpe:/a:pcs:pcs

© SecPod Technologies