| Max CVSS | 8.5 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2015-5190 | 8.5 |
The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via "escape characters" in a URL.
|
13-02-2023 - 00:50 | 03-09-2015 - 14:59 | |
| CVE-2016-0721 | 4.3 |
Session fixation vulnerability in pcsd in pcs before 0.9.157.
|
12-02-2023 - 23:15 | 21-04-2017 - 15:59 | |
| CVE-2018-1086 | 5.0 |
pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote att
|
09-10-2019 - 23:38 | 12-04-2018 - 16:29 | |
| CVE-2015-3225 | 5.0 |
lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.
|
30-10-2018 - 16:27 | 26-07-2015 - 22:59 | |
| CVE-2015-3983 | 4.3 |
The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. NOTE: this issue was
|
31-12-2016 - 02:59 | 14-05-2015 - 14:59 |