|Max CVSS||5.0||Min CVSS||4.3||Total Count||2|
|ID||CVSS||Summary||Last (major) update||Published|
pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote att
|09-10-2019 - 23:38||12-04-2018 - 16:29|
lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.
|30-10-2018 - 16:27||26-07-2015 - 22:59|
Session fixation vulnerability in pcsd in pcs before 0.9.157.
|27-04-2017 - 16:15||21-04-2017 - 15:59|
The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. NOTE: this issue was
|31-12-2016 - 02:59||14-05-2015 - 14:59|