| Max CVSS | 8.5 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2020-10663 | 5.0 |
The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavi
|
28-03-2023 - 18:06 | 28-04-2020 - 21:15 | |
| CVE-2015-5190 | 8.5 |
The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via "escape characters" in a URL.
|
13-02-2023 - 00:50 | 03-09-2015 - 14:59 | |
| CVE-2020-10663 | 5.0 |
The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavi
|
30-09-2020 - 18:15 | 28-04-2020 - 21:15 | |
| CVE-2018-1086 | 5.0 |
pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote att
|
09-10-2019 - 23:38 | 12-04-2018 - 16:29 | |
| CVE-2015-3983 | 4.3 |
The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. NOTE: this issue was
|
31-12-2016 - 02:59 | 14-05-2015 - 14:59 |