
743 matches found

UbuntuCve
added 2019/04/17 12:0 a.m. · 19 views

CVE-2019-3885

A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs...

CVSS 7.5 · AI score 6.7 · EPSS 0.00143
Exploits: 0 · References: 4

OSV
added 2019/04/17 12:0 a.m. · 0 views

UBUNTU-CVE-2018-16877

A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation...

CVSS 8.8 · AI score 7 · EPSS 0.0004
Exploits: 0 · References: 5

UbuntuCve
added 2019/04/17 12:0 a.m. · 23 views

CVE-2018-16878

A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS...

CVSS 6.2 · AI score 6.7 · EPSS 0.00022
Exploits: 0 · References: 4

Positive Technologies
added 2019/04/17 12:0 a.m. · 3 views

PT-2019-16754 · Red Hat +4 · Pacemaker +5

Name of the Vulnerable Software and Affected Versions: pacemaker versions up to and including 2.0.1 Description: A use-after-free flaw was found in pacemaker, which could result in certain sensitive information to be leaked via the system logs. Recommendations: For versions up to and including...

CVSS 8.8 · AI score 6 · EPSS 0.00143
Exploits: 0 · References: 61

NVD
added 2019/03/05 4:29 p.m. · 20 views

CVE-2018-19638

In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an unprivileged user could have overwritten arbitrary files in the directory that is used by supportutils to collect the log files...

CVSS 4.7 · AI score 4.9 · EPSS 0.00042
Exploits: 0 · References: 2

Prion
added 2019/03/05 4:29 p.m. · 13 views

Code injection

In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an unprivileged user could have overwritten arbitrary files in the directory that is used by supportutils to collect the log files...

CVSS 3.3 · AI score 5.1 · EPSS 0.00042
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2019/03/05 4:29 p.m. · 1 view

CVE-2018-19638

In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an unprivileged user could have overwritten arbitrary files in the directory that is used by supportutils to collect the log files...

CVSS 4.7 · AI score 5.9 · EPSS 0.00042
Exploits: 0 · References: 2

Cvelist
added 2019/03/05 4:0 p.m. · 16 views

CVE-2018-19638 User can overwrite arbitrary log files in support tar

In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an unprivileged user could have overwritten arbitrary files in the directory that is used by supportutils to collect the log files...

CVSS 2.2 · AI score 5.8 · EPSS 0.00042
Exploits: 0 · References: 2

CVE
added 2019/03/05 4:0 p.m. · 146 views

CVE-2018-19638

CVE-2018-19638 affects supportutils prior to 3.1-5.7.1: an unprivileged user could overwrite arbitrary files in the log-collection directory when pacemaker is installed. OpenSUSE/SUSE advisories (openSUSE-2019-1351) fix this by upgrading supportutils to 3.1.17-2.2 (and related updates for hostinf...

CVSS 4.7 · AI score 5.2 · EPSS 0.00042
Exploits: 0 · References: 2 · Affected Software: 1

Veracode
added 2019/01/15 9:14 a.m. · 19 views

Privilege Escalation

pacemaker is vulnerable to privilege escalation attacks. The vulnerability exists as an authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, for...

CVSS 8.8 · AI score 7.7 · EPSS 0.00103
Exploits: 0 · References: 11 · Affected Software: 1

Veracode
added 2019/01/15 9:14 a.m. · 18 views

Denial Of Service (DoS)

pacemaker is vulnerable to denial of service (DoS) attacks. The vulnerability exists as pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection...

CVSS 7.5 · AI score 7.1 · EPSS 0.02415
Exploits: 0 · References: 20 · Affected Software: 1

Veracode
added 2019/01/15 9:6 a.m. · 15 views

Privilege Escalation

pacemaker is vulnerable to privilege escalation attacks. The vulnerability exists as pacemaker before 1.1.13 does not properly evaluate added nodes, which allows remote read-only users to gain privileges via an acl command...

CVSS 7.5 · AI score 7.8 · EPSS 0.00714
Exploits: 0 · References: 17 · Affected Software: 1

Veracode
added 2019/01/15 8:51 a.m. · 19 views

Denial Of Service (DoS)

Pacemaker is vulnerable to denial of service. This is due to the way authentication and processing of remote connections in certain circumstances are performed. A remote attacker is able to exploit the vulnerability to prevent the process from serving other requests when it is configured with...

CVSS 4.3 · AI score 5.9 · EPSS 0.00669
Exploits: 1 · References: 10 · Affected Software: 1

Positive Technologies
added 2018/12/10 12:0 a.m. · 1 view

PT-2018-2976 · Clusterlabs +5 · Pacemaker +5

Name of the Vulnerable Software and Affected Versions: Pacemaker versions up to and including 2.0.1 Description: The issue is related to an uncontrolled resource consumption in the Pacemaker cluster resource management software, which can be exploited to cause a denial of service (DoS). This could...

CVSS 9 · AI score 6.4 · EPSS 0.00143
Exploits: 0 · References: 91

Tenable Nessus
added 2018/12/04 12:0 a.m. · 31 views

RHEL 7 : atomic-openshift-utils (RHSA-2016:2778)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:2778 advisory. Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud...

CVSS 9.1 · AI score 8.5 · EPSS 0.00456
Exploits: 0 · References: 17

Positive Technologies
added 2018/11/22 12:0 a.m. · 1 view

PT-2018-3485 · Clusterlabs +5 · Pacemaker +5

Name of the Vulnerable Software and Affected Versions: Pacemaker versions up to and including 2.0.0 Description: A flaw was found in the way Pacemaker's client-server authentication was implemented, allowing a local attacker to achieve local privilege escalation by combining this flaw with other...

CVSS 9 · AI score 6.7 · EPSS 0.00143
Exploits: 0 · References: 97

RedHat Linux
added 2018/10/02 7:1 p.m. · 94 views

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 8 director security and bug fix update

An update for instack-undercloud and openstack-tripleo-heat-templates is now available for Red Hat OpenStack Platform 8.0 (Liberty) director. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a...

CVSS 7.5 · AI score 7 · EPSS 0.86753
Exploits: 3 · References: 9

OSV
added 2018/09/10 4:29 p.m. · 21 views

CVE-2016-7035

An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain roo...

CVSS 7.8 · AI score 6.9 · EPSS 0.00103
Exploits: 0 · References: 8

Prion
added 2018/09/10 4:29 p.m. · 34 views

Authorization

An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain roo...

CVSS 7.2 · AI score 7.2 · EPSS 0.00103
Exploits: 0 · References: 8 · Affected Software: 3

NVD
added 2018/09/10 4:29 p.m. · 11 views

CVE-2016-7035

An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain roo...

CVSS 8.8 · AI score 8.7 · EPSS 0.00103
Exploits: 0 · References: 8