Vulnerability & Exploit Database

Displaying all 5 entries

Results for: CVE-2018-4169 Back to search

OS X update for Kernel (CVE-2018-4169) Vulnerability

  • Severity: 10
  • Published: May 03, 2018

In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, an out-of-bounds read was addressed with improved input validation.

Red Hat: CVE-2018-1086: Important: pcs security update (Multiple Advisories) Vulnerability

  • Severity: 5
  • Published: April 10, 2018

pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to elevate their privilege.

Oracle Linux: (CVE-2018-1086) ELSA-2018-1060: pcs security update Vulnerability

  • Severity: 5
  • Published: April 10, 2018

pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to elevate their privilege.

Debian: CVE-2018-1086: pcs -- security update Vulnerability

  • Severity: 5
  • Published: April 10, 2018

pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to elevate their privilege.

CentOS: (CVE-2018-1086) CESA-2018:1060: pcs Vulnerability

  • Severity: 5
  • Published: April 10, 2018

pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to elevate their privilege.