Skip to main content

Pacemaker

5 CVEs product

Monthly

CVE-2020-25654 HIGH This Week

An ACL bypass flaw was found in pacemaker. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Pacemaker Debian Linux
NVD
CVSS 3.1
7.2
EPSS
2.0%
CVE-2019-3885 HIGH PATCH This Week

A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Pacemaker Ubuntu Linux +1
NVD GitHub
CVSS 3.0
7.5
EPSS
2.0%
CVE-2016-7797 HIGH PATCH This Week

Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Pacemaker Leap Linux Enterprise High Availability Linux Enterprise Software Development Kit +2
NVD GitHub
CVSS 3.0
7.5
EPSS
2.4%
CVE-2015-1867 HIGH This Week

Pacemaker before 1.1.13 does not properly evaluate added nodes, which allows remote read-only users to gain privileges via an acl command. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Enterprise Linux High Availability Enterprise Linux Resilient Storage Pacemaker
NVD GitHub
CVSS 2.0
7.5
EPSS
0.7%
CVE-2013-0281 MEDIUM POC PATCH This Month

Pacemaker 1.1.10, when remote Cluster Information Base (CIB) configuration or resource management is enabled, does not limit the duration of connections to the blocking sockets, which allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Enterprise Linux Pacemaker
NVD GitHub
CVSS 2.0
4.3
EPSS
0.7%
EPSS 2% CVSS 7.2
HIGH This Week

An ACL bypass flaw was found in pacemaker. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Pacemaker Debian Linux
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption +3
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Pacemaker Leap +4
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

Pacemaker before 1.1.13 does not properly evaluate added nodes, which allows remote read-only users to gain privileges via an acl command. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Enterprise Linux High Availability Enterprise Linux Resilient Storage +1
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

Pacemaker 1.1.10, when remote Cluster Information Base (CIB) configuration or resource management is enabled, does not limit the duration of connections to the blocking sockets, which allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Enterprise Linux Pacemaker
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy