CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2010-2496
https://notcve.org/view.php?id=CVE-2010-2496
18 Oct 2021 — stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its operations. This is fixed in cluster-glue 1.0.6 and newer, and pacemaker 1.1.3 and newer. stonith-ng en pacemaker y cluster-glue pasaba contraseñas como parámetros de línea de comandos, que hacía posible que los atacantes locales obtuvieran acceso a las contraseñas de la pila de HA e influyeran potencialmente en ... • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2010-2496 • CWE-287: Improper Authentication •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2020-25654 – pacemaker: ACL restrictions bypass
https://notcve.org/view.php?id=CVE-2020-25654
09 Nov 2020 — An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration. Se encontró un fallo de omisión de ACL en pacemaker. Un atacante que tenga una cuenta local en el clúster y en el grupo haclient podría usar la comunicación IPC con varios demonios directamente para llevar a cabo determina... • https://bugzilla.redhat.com/show_bug.cgi?id=1888191 • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2011-5271
https://notcve.org/view.php?id=CVE-2011-5271
12 Nov 2019 — Pacemaker before 1.1.6 configure script creates temporary files insecurely Pacemaker versiones anteriores a 1.1.6, un script de configuración crea archivos temporales de forma no segura. • http://www.openwall.com/lists/oss-security/2014/02/11/1 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.8EPSS: 0%CPEs: 22EXPL: 0CVE-2018-16877 – pacemaker: Insufficient local IPC client-server authentication on the client's side can lead to local privesc
https://notcve.org/view.php?id=CVE-2018-16877
18 Apr 2019 — A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation. Se encontró un fallo en la forma en que se implementó la autenticación cliente-servidor del software Pacemaker, en versiones hasta la 2.0.0 inclusive. Un atacante local podría utilizar este fallo, y combinarlo con otras debilidades del IPC, para lograr una escalada de ... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00012.html • CWE-287: Improper Authentication •
CVSS: 6.2EPSS: 0%CPEs: 22EXPL: 0CVE-2018-16878 – pacemaker: Insufficient verification inflicted preference of uncontrolled processes can lead to DoS
https://notcve.org/view.php?id=CVE-2018-16878
18 Apr 2019 — A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS Se encontró un fallo en el software Pacemaker hasta la versión 2.0.1 inclusive. Una verificación insuficiente de los procesos preferentes no controlados puede llevar a una condición de denegación de servicios (DoS). A flaw was found in pacemaker. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00012.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 0CVE-2019-3885 – pacemaker: Information disclosure through use-after-free
https://notcve.org/view.php?id=CVE-2019-3885
18 Apr 2019 — A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs. En el software Pacemaker hasta la versión 2.0.1 inclusive, se encontró un defecto de uso que podía provocar la filtración de cierta información sensible a través de los registros del sistema. A use-after-free flaw was found in pacemaker which could result in certain sensitive information to be leaked via the system logs. Jan Pokorný discovered t... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00034.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2016-7035 – pacemaker: Privilege escalation due to improper guarding of IPC communication
https://notcve.org/view.php?id=CVE-2016-7035
04 Nov 2016 — An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on the machine. Se ha detectado un error en Pacemaker en versiones anteriores a la 1.1.6 por el que no protegía correctamente su interfaz IPC. Un atacante con una cuenta sin privilegios en un nodo Pacemaker... • http://rhn.redhat.com/errata/RHSA-2016-2614.html • CWE-285: Improper Authorization •
CVSS: 8.6EPSS: 2%CPEs: 7EXPL: 0CVE-2016-7797 – pacemaker: pacemaker remote nodes vulnerable to hijacking, resulting in a DoS attack
https://notcve.org/view.php?id=CVE-2016-7797
03 Nov 2016 — Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection. Pacemaker en versiones anteriores a 1.1.15, al usar el control remoto de marcapasos, podría permitir a atacantes remotos provocar una denegación de servicio (desconexión de nodo) a través de una conexión no autenticada. It was found that the connection between a pacemaker cluster and a pacemaker_remote node could be shut down using a new unau... • http://bugs.clusterlabs.org/show_bug.cgi?id=5269 • CWE-254: 7PK - Security Features •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2015-1867 – pacemaker: acl read-only access allow role assignment
https://notcve.org/view.php?id=CVE-2015-1867
22 Jul 2015 — Pacemaker before 1.1.13 does not properly evaluate added nodes, which allows remote read-only users to gain privileges via an acl command. Vulnerabilidad en Pacemaker en versiones anteriores a 1.1.13, no evalúa correctamente nodos añadidos, lo que permite a usuarios remotos de sólo lectura obtener privilegios a través de un comando de acl. A flaw was found in the way pacemaker, a cluster resource manager, evaluated added nodes in certain situations. A user with read-only access could potentially assign any ... • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170610.html • CWE-264: Permissions, Privileges, and Access Controls CWE-863: Incorrect Authorization •