Vendor
Pacemaker\/corosync Configuration System Project
Products
2
CVEs
3
Across products
3
Status
Private
Products
2- 2 CVEs
- 1 CVE
Recent CVEs
3| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-10649 | Hig | 0.49 | 8.6 | 0.00 | Jun 16, 2026 | A flaw was found in Pacemaker. An unauthenticated remote attacker can exploit an integer overflow vulnerability in the remote message decompression process. By sending a specially crafted compressed remote message before authentication, an attacker can cause memory corruption,… | ||
| CVE-2015-5190 | 0.00 | — | 0.03 | Sep 3, 2015 | The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via "escape characters" in a URL. | |||
| CVE-2015-5189 | 0.00 | — | 0.01 | Sep 3, 2015 | Race condition in pcsd in PCS 0.9.139 and earlier uses a global variable to validate usernames, which allows remote authenticated users to gain privileges by sending a command that is checked for security after another user is authenticated. |
- risk 0.49cvss 8.6epss 0.00
A flaw was found in Pacemaker. An unauthenticated remote attacker can exploit an integer overflow vulnerability in the remote message decompression process. By sending a specially crafted compressed remote message before authentication, an attacker can cause memory corruption,…
- CVE-2015-5190Sep 3, 2015risk 0.00cvss —epss 0.03
The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via "escape characters" in a URL.
- CVE-2015-5189Sep 3, 2015risk 0.00cvss —epss 0.01
Race condition in pcsd in PCS 0.9.139 and earlier uses a global variable to validate usernames, which allows remote authenticated users to gain privileges by sending a command that is checked for security after another user is authenticated.