10 results (0.011 seconds)

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its operations. This is fixed in cluster-glue 1.0.6 and newer, and pacemaker 1.1.3 and newer. stonith-ng en pacemaker y cluster-glue pasaba contraseñas como parámetros de línea de comandos, que hacía posible que los atacantes locales obtuvieran acceso a las contraseñas de la pila de HA e influyeran potencialmente en sus operaciones. Esto se ha corregido en cluster-glue versiones 1.0.6 y posteriores, y en pacemaker versiones 1.1.3 y posteriores • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2010-2496 • CWE-287: Improper Authentication •

CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0

An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration. Se encontró un fallo de omisión de ACL en pacemaker. Un atacante que tenga una cuenta local en el clúster y en el grupo haclient podría usar la comunicación IPC con varios demonios directamente para llevar a cabo determinadas tareas que las ACL no podrían hacer si pasaran por la configuración An ACL bypass flaw was found in Pacemaker. This flaw allows an attacker with a local account on the cluster and in the haclient group to use IPC communication with various daemons to directly perform certain tasks that would be prevented if they had gone through configured ACLs. • https://bugzilla.redhat.com/show_bug.cgi?id=1888191 https://lists.clusterlabs.org/pipermail/users/2020-October/027840.html https://lists.debian.org/debian-lts-announce/2021/01/msg00007.html https://seclists.org/oss-sec/2020/q4/83 https://security.gentoo.org/glsa/202309-09 https://access.redhat.com/security/cve/CVE-2020-25654 • CWE-284: Improper Access Control •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

Pacemaker before 1.1.6 configure script creates temporary files insecurely Pacemaker versiones anteriores a 1.1.6, un script de configuración crea archivos temporales de forma no segura. • http://www.openwall.com/lists/oss-security/2014/02/11/1 http://www.securityfocus.com/bid/65472 https://exchange.xforce.ibmcloud.com/vulnerabilities/91120 https://security-tracker.debian.org/tracker/CVE-2011-5271 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 0

A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs. En el software Pacemaker hasta la versión 2.0.1 inclusive, se encontró un defecto de uso que podía provocar la filtración de cierta información sensible a través de los registros del sistema. A use-after-free flaw was found in pacemaker which could result in certain sensitive information to be leaked via the system logs. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00034.html http://www.securityfocus.com/bid/108036 https://access.redhat.com/errata/RHSA-2019:1278 https://access.redhat.com/errata/RHSA-2019:1279 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3885 https://github.com/ClusterLabs/pacemaker/pull/1749 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3GCWFO7GL6MBU6C4BGFO3P6L77DIBBF3 https://lists.fedoraproject.org/archives/list/package-announce&# • CWE-416: Use After Free •

CVSS: 6.2EPSS: 0%CPEs: 22EXPL: 0

A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS Se encontró un fallo en el software Pacemaker hasta la versión 2.0.1 inclusive. Una verificación insuficiente de los procesos preferentes no controlados puede llevar a una condición de denegación de servicios (DoS). A flaw was found in pacemaker. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00034.html http://www.securityfocus.com/bid/108039 https://access.redhat.com/errata/RHSA-2019:1278 https://access.redhat.com/errata/RHSA-2019:1279 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16878 https://github.com/ClusterLabs/pacemaker/pull/1749 https://lists.debian.org/debian-lts-announce/2021/01/msg00007.html https://lists.fedoraprojec • CWE-400: Uncontrolled Resource Consumption •