Skip to main content

Keepalived

5 CVEs product

Monthly

CVE-2021-44225 MEDIUM PATCH This Month

In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Keepalived Fedora
NVD GitHub
CVSS 3.1
5.4
EPSS
1.2%
CVE-2018-19115 CRITICAL PATCH Act Now

keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Keepalived Debian Linux Enterprise Linux Server +4
NVD GitHub
CVSS 3.0
9.8
EPSS
3.7%
CVE-2018-19046 MEDIUM PATCH This Month

keepalived 2.0.8 didn't check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Keepalived
NVD GitHub
CVSS 3.0
4.7
EPSS
0.4%
CVE-2018-19045 HIGH POC PATCH This Week

keepalived 2.0.8 used mode 0666 when creating new temporary files upon a call to PrintData or PrintStats, potentially leaking sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Keepalived
NVD GitHub
CVSS 3.0
7.5
EPSS
2.4%
CVE-2018-19044 MEDIUM POC PATCH This Month

keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. Rated medium severity (CVSS 4.7). Public exploit code available.

Information Disclosure Keepalived
NVD GitHub
CVSS 3.0
4.7
EPSS
0.5%
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Keepalived Fedora
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Keepalived +6
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

keepalived 2.0.8 didn't check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Keepalived
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

keepalived 2.0.8 used mode 0666 when creating new temporary files upon a call to PrintData or PrintStats, potentially leaking sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Keepalived
NVD GitHub
EPSS 1% CVSS 4.7
MEDIUM POC PATCH This Month

keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. Rated medium severity (CVSS 4.7). Public exploit code available.

Information Disclosure Keepalived
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy