Lucene search
K

22 matches found

CVE
CVE
added 2026/06/16 3:57 p.m.29 views

CVE-2026-10649

Pacemaker vulnerability CVE-2026-10649: an unauthenticated remote attacker can trigger an integer overflow in the remote message decompression, causing memory corruption and denial of service in the CIB remote listener. Affects Pacemaker (remote message processing) with network attack vector, no ...

8.6CVSS5.4AI score0.0044EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.26 views

PT-2026-49723

Name of the Vulnerable Software and Affected Versions Pacemaker affected versions not specified Description An integer overflow exists in the remote message decompression process. An unauthenticated remote attacker can exploit this by sending a specially crafted compressed remote message before...

8.6CVSS5.9AI score0.0044EPSS
Exploits0References27
Tenable Nessus
Tenable Nessus
added 2026/06/16 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-10649

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Pacemaker. An unauthenticated remote attacker can exploit an integer overflow vulnerability in the remote message decompression process. By...

8.6CVSS5.5AI score0.0044EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.6 views

Ambassador API Gateway Diagnostics Sensitive Information Disclosure

Ambassador API Gateway includes a diagnostics portal that provides detailed information about the API Gateway's configuration and operation. If this portal is accessible without proper authentication, it can expose sensitive information such as service mappings, API endpoints, routing...

6.5AI score
Exploits0References2
SUSE CVE
SUSE CVE
added 2025/09/07 11:22 p.m.4 views

SUSE CVE-2025-39727

In the Linux kernel, the following vulnerability has been resolved: mm: swap: fix potential buffer overflow in setupclusters In setupswapmap, we only ensure badpages are in range 0, lastpage. As maxpages might be = maxpages. Only call incclusterinfopage for badpage which is maxpages to fix the...

5.5CVSS6.9AI score0.0016EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2025/06/24 5:28 p.m.6 views

CVE-2025-23260

NVIDIA AIStore contains a vulnerability in the AIS Operator where a user may gain elevated k8s cluster access by using the ServiceAccount attached to the ClusterRole. A successful exploit of this vulnerability may lead to information disclosure...

5CVSS6.8AI score0.00194EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/24 5:28 p.m.9 views

CVE-2025-23260

NVIDIA AIStore contains a vulnerability in the AIS Operator where a user may gain elevated k8s cluster access by using the ServiceAccount attached to the ClusterRole. A successful exploit of this vulnerability may lead to information disclosure...

5CVSS0.00194EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:7 a.m.8 views

CVE-2024-20283

A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to learn cluster deployment information on an affected device. This vulnerability is due to improper access controls on a specific API endpoint. An attacker could exploit this vulnerability by sending queries t...

4.3CVSS6.7AI score0.00407EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2025/03/31 12:0 a.m.278 views

KubeSphere 3.4.0 Insecure Direct Object Reference

KubeSphere version 3.4.0 and KubeSphere Enterprise version 4.1.1 suffer from an insecure direct object reference vulnerability. Exploit Title: IDOR Vulnerability in KubeSphere v3.4.0 & KubeSphere Enterprise v4.1.1 Date: 3 September Exploit Author: Okan Kurtulus Vendor Homepage:...

4.3CVSS7AI score0.01618EPSS
Exploits2
CNNVD
CNNVD
added 2024/05/03 12:0 a.m.5 views

Piraeus Operator 安全漏洞

Piraeus Operator is a Piraeus open source for managing LINSTOR clusters in Kubernetes. A security vulnerability exists in Piraeus Operator v2.5.0 and earlier versions, which originated from a vulnerability that allows an attacker to impersonate a service account bound to ClusterRole and use its...

7.5CVSS7.2AI score0.00599EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:42 a.m.4 views

SUSE CVE-2013-0281

Pacemaker 1.1.10, when remote Cluster Information Base CIB configuration or resource management is enabled, does not limit the duration of connections to the blocking sockets, which allows remote attackers to cause a denial of service connection blocking...

4.3CVSS6.5AI score0.02996EPSS
Exploits1References3
OSV
OSV
added 2022/08/25 6:15 p.m.4 views

CVE-2022-23235

Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.10P1 are susceptible to a vulnerability which could allow an attacker to discover cluster, node and Active IQ Unified Manager specific information via AutoSupport telemetry data that is sent even when...

5.3CVSS5.7AI score0.00509EPSS
Exploits0References1
CNVD
CNVD
added 2021/08/17 12:0 a.m.17 views

Dell EMC PowerScale OneFS has an unspecified vulnerability (CNVD-2021-73944)

Dell EMC PowerScale OneFS is an API-driven file system. version 8.2.-9.2. of Dell EMC PowerScale OneFS is vulnerable to incorrect critical resource privilege assignment. An attacker could use this vulnerability to gain unauthorized access to cluster-related information...

7.8CVSS4.8AI score0.00184EPSS
Exploits0References1
CNVD
CNVD
added 2021/08/17 12:0 a.m.18 views

Dell EMC PowerScale OneFS Elevation of Privilege Vulnerability

Dell EMC PowerScale OneFS is an API-powered file system. A vulnerability exists in Dell EMC PowerScale OneFS versions 8.2. - 9.2. in which critical resource permissions are incorrectly assigned. An attacker could exploit this vulnerability to gain unauthorized access to cluster-related informatio...

7.8CVSS7.7AI score0.00195EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/08/16 12:0 a.m.5 views

Dell EMC PowerScale 安全漏洞

Dell EMC PowerScale OneFS is an API-driven file system. version 8.2.-9.2. of Dell EMC PowerScale OneFS is vulnerable to incorrect critical resource privilege assignment. An attacker could use this vulnerability to gain unauthorized access to cluster-related information...

7.8CVSS5.7AI score0.00184EPSS
Exploits0References1
OSV
OSV
added 2019/05/24 5:29 p.m.5 views

CVE-2018-10815

An issue was discovered in Cloudera Manager before 5.13.4, 5.14.x before 5.14.4, and 5.15.x before 5.15.1. A read-only user can access sensitive cluster information...

6.5CVSS5.8AI score0.00883EPSS
Exploits0References2
Prion
Prion
added 2019/05/24 5:29 p.m.10 views

Information disclosure

An issue was discovered in Cloudera Manager before 5.13.4, 5.14.x before 5.14.4, and 5.15.x before 5.15.1. A read-only user can access sensitive cluster information...

4CVSS6.4AI score0.00883EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2019/01/15 8:51 a.m.21 views

Denial Of Service (DoS)

Pacemaker is vulnerable to denial of service. This is due to the way authentication and processing of remote connections in certain circumstances are performed. A remote attacker is able to exploit the vulnerability to prevent the process from serving other requests when it is configured with...

4.3CVSS5.9AI score0.02996EPSS
Exploits1References10Affected Software1
OSV
OSV
added 2013/11/23 11:55 a.m.2 views

DEBIAN-CVE-2013-0281

Pacemaker 1.1.10, when remote Cluster Information Base CIB configuration or resource management is enabled, does not limit the duration of connections to the blocking sockets, which allows remote attackers to cause a denial of service connection blocking...

4.3CVSS6.8AI score0.02996EPSS
Exploits1References1
OSV
OSV
added 2013/11/23 11:55 a.m.10 views

UBUNTU-CVE-2013-0281

Pacemaker 1.1.10, when remote Cluster Information Base CIB configuration or resource management is enabled, does not limit the duration of connections to the blocking sockets, which allows remote attackers to cause a denial of service connection blocking...

4.3CVSS5.8AI score0.02996EPSS
Exploits1References4
Rows per page
Query Builder