CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-44225 – keepalived: dbus access control bypass
https://notcve.org/view.php?id=CVE-2021-44225
26 Nov 2021 — In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property En Keepalived versiones hasta 2.2.4, la política D-Bus no restringe suficientemente el destino de los mensajes, permitiendo a cualquier usuario inspeccionar y manipular cualquier propiedad. Esto conlleva a una omisión d... • https://github.com/acassen/keepalived/commit/7977fec0be89ae6fe87405b3f8da2f0b5e415e3d • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 3%CPEs: 7EXPL: 0CVE-2018-19115 – keepalived: Heap-based buffer overflow when parsing HTTP status codes allows for denial of service or possibly arbitrary code execution
https://notcve.org/view.php?id=CVE-2018-19115
08 Nov 2018 — keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap. keepalived hasta la versión 2.0.8 tiene un desbordamiento de búfer basado en memoria dinámica (heap) cuando se analizan los códigos de estado HTTP, lo que resulta en una denegación de servicio (DoS) o, posiblemente, en otro impact... • https://access.redhat.com/errata/RHSA-2019:0022 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 57EXPL: 0CVE-2011-1784
https://notcve.org/view.php?id=CVE-2011-1784
20 May 2011 — The pidfile_write function in core/pidfile.c in keepalived 1.2.2 and earlier uses 0666 permissions for the (1) keepalived.pid, (2) checkers.pid, and (3) vrrp.pid files in /var/run/, which allows local users to kill arbitrary processes by writing a PID to one of these files. La función pidfile_write en core/pidfile.c en keepalived v1.2.2 y versiones anteriores utiliza permisos 0666 permisos para (1) keepalived.pid, (2) checkers.pid, y (3) archivos vrrp.pid en /var/run/, lo que permite a usuarios locales mata... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626281 • CWE-264: Permissions, Privileges, and Access Controls •