| Max CVSS | 5.0 | Min CVSS | 4.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2018-1000119 | 4.3 |
Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. This attack appear to be exploitable via network connectivity to the ruby
|
24-08-2020 - 17:37 | 07-03-2018 - 14:29 | |
| CVE-2018-1086 | 5.0 |
pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote att
|
09-10-2019 - 23:38 | 12-04-2018 - 16:29 | |
| CVE-2018-1079 | 4.0 |
pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/put_file query. If the /etc/booth dir
|
09-10-2019 - 23:38 | 12-04-2018 - 17:29 |