rpm package
suse/pacemaker&distro=SUSE Linux Enterprise High Availability Extension 12 SP2
pkg:rpm/suse/pacemaker&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP2
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-16878 | — | | | < 1.1.15-23.9.1 | 1.1.15-23.9.1 | Apr 18, 2019 | A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS |
| CVE-2018-16877 | — | | | < 1.1.15-23.9.1 | 1.1.15-23.9.1 | Apr 18, 2019 | A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation. |
| CVE-2016-7035 | High | 8.8 | | < 1.1.15-21.1 | 1.1.15-21.1 | Sep 10, 2018 | An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and |
| CVE-2016-7797 | High | 7.5 | | < 1.1.15-21.1 | 1.1.15-21.1 | Mar 24, 2017 | Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection. |