CVE-2018-1084 – corosync: Integer overflow in exec/totemcrypto.c:authenticate_nss_2_3() function
https://notcve.org/view.php?id=CVE-2018-1084
corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c. An integer overflow leading to an out-of-bound read was found in authenticate_nss_2_3() in Corosync. An attacker could craft a malicious packet that would lead to a denial of service.

• http://www.securityfocus.com/bid/103758
• https://access.redhat.com/errata/RHSA-2018:1169
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1084
• https://security.gentoo.org/glsa/202107-01
• https://usn.ubuntu.com/4000-1
• https://www.debian.org/security/2018/dsa-4174
• https://access.redhat.com/security/cve/CVE-2018-1084
• https://bugzilla.redhat.com/show_bug.cgi?id=1552830

• CWE-125: Out-of-bounds Read
• CWE-190: Integer Overflow or Wraparound

CVE-2015-5190 – pcs: Command injection with root privileges.
https://notcve.org/view.php?id=CVE-2015-5190
The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via "escape characters" in a URL. A command injection flaw was found in the pcsd web UI. An attacker able to trick a victim that was logged in to the pcsd web UI into visiting a specially crafted URL could use this flaw to execute arbitrary code with root privileges on the server hosting the web UI.

• http://rhn.redhat.com/errata/RHSA-2015-1700.html
• https://bugzilla.redhat.com/show_bug.cgi?id=1252813
• https://access.redhat.com/security/cve/CVE-2015-5190

• CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2015-5189 – pcs: Incorrect authorization when using pcs web UI
https://notcve.org/view.php?id=CVE-2015-5189
Race condition in pcsd in PCS 0.9.139 and earlier uses a global variable to validate usernames, which allows remote authenticated users to gain privileges by sending a command that is checked for security after another user is authenticated. A race condition was found in the way the pcsd web UI backend performed authorization of user requests. An attacker could use this flaw to send a request that would be evaluated as originating from a different user, potentially allowing the attacker to perform actions with permissions of a more privileged user.

• http://rhn.redhat.com/errata/RHSA-2015-1700.html
• https://bugzilla.redhat.com/show_bug.cgi?id=1252805
• https://access.redhat.com/security/cve/CVE-2015-5189

• CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
• CWE-863: Incorrect Authorization

CVE-2013-0250
https://notcve.org/view.php?id=CVE-2013-0250
The init_nss_hash function in exec/totemcrypto.c in Corosync 2.0 before 2.3 does not properly initialize the HMAC key, which allows remote attackers to cause a denial of service (crash) via a crafted packet.

• http://seclists.org/oss-sec/2013/q1/212
• http://seclists.org/oss-sec/2013/q1/213
• http://seclists.org/oss-sec/2013/q1/214
• http://secunia.com/advisories/52037
• https://github.com/corosync/corosync/commit/b3f456a8ceefac6e9f2e9acc2ea0c159d412b595