This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Clusterlabs
Product: Pacemaker
Version: 1.1.12
Type: Application
First view: 2015-08-12
Last view: 2019-04-18
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
 
CPE Product cpe:2.3:a:clusterlabs:pacemaker

Related : CVE

  Date Alert Description
7.5 2019-04-18 CVE-2019-3885

A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information being leaked via the system logs.

5.5 2019-04-18 CVE-2018-16878

A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS.

7.8 2019-04-18 CVE-2018-16877

A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation.

7.8 2018-09-10 CVE-2016-7035

An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on the machine.

7.5 2017-03-24 CVE-2016-7797

Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection.

7.5 2015-08-12 CVE-2015-1867

Pacemaker before 1.1.13 does not properly evaluate added nodes, which allows remote read-only users to gain privileges via an acl command.

CWE : Common Weakness Enumeration

% id Name
20% (1) CWE-416 Use After Free
20% (1) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
20% (1) CWE-285 Improper Access Control (Authorization)
20% (1) CWE-264 Permissions, Privileges, and Access Controls
20% (1) CWE-254 Security Features

Nessus® Vulnerability Scanner

id Description
2017-10-25 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-3462-1.nasl - Type: ACT_GATHER_INFO
2017-10-09 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201710-08.nasl - Type: ACT_GATHER_INFO
2016-12-16 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20161104_pacemaker_on_SL7_x.nasl - Type: ACT_GATHER_INFO
2016-12-15 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20161103_pacemaker_on_SL7_x.nasl - Type: ACT_GATHER_INFO
2016-12-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-1447.nasl - Type: ACT_GATHER_INFO
2016-12-05 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-1376.nasl - Type: ACT_GATHER_INFO
2016-11-28 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2016-2614.nasl - Type: ACT_GATHER_INFO
2016-11-28 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2016-2578.nasl - Type: ACT_GATHER_INFO
2016-11-15 Name: The remote Fedora host is missing a security update.
File: fedora_2016-c1cbcc4528.nasl - Type: ACT_GATHER_INFO
2016-11-14 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2016-2675.nasl - Type: ACT_GATHER_INFO
2016-11-10 Name: The remote Fedora host is missing a security update.
File: fedora_2016-2a159ef513.nasl - Type: ACT_GATHER_INFO
2016-11-09 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2016-2675.nasl - Type: ACT_GATHER_INFO
2016-11-09 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20161108_pacemaker_on_SL6_x.nasl - Type: ACT_GATHER_INFO
2016-11-07 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2016-2614.nasl - Type: ACT_GATHER_INFO
2016-11-07 Name: The remote Fedora host is missing a security update.
File: fedora_2016-242ff9a2fa.nasl - Type: ACT_GATHER_INFO
2016-11-04 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2016-2578.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote Fedora host is missing a security update.
File: fedora_2015-f9864ecd8f.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote Fedora host is missing a security update.
File: fedora_2015-f6860d8f9d.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote Fedora host is missing a security update.
File: fedora_2015-e5e36bbb87.nasl - Type: ACT_GATHER_INFO
2015-12-22 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20151119_pacemaker_on_SL7_x.nasl - Type: ACT_GATHER_INFO
2015-12-02 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2015-2383.nasl - Type: ACT_GATHER_INFO
2015-11-20 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2015-2383.nasl - Type: ACT_GATHER_INFO
2015-08-04 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20150722_pacemaker_on_SL6_x.nasl - Type: ACT_GATHER_INFO
2015-07-28 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2015-1424.nasl - Type: ACT_GATHER_INFO
2015-07-23 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2015-1424.nasl - Type: ACT_GATHER_INFO