Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/pacemaker@1.0.9.1%2Bhg15626-1
Type deb
Namespace debian
Name pacemaker
Version 1.0.9.1+hg15626-1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.0.5-2
Latest_non_vulnerable_version 2.0.5-2
Affected_by_vulnerabilities
0
url VCID-81cy-d21j-c7em
vulnerability_id VCID-81cy-d21j-c7em
summary Pacemaker before 1.1.6 configure script creates temporary files insecurely
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-5271.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-5271.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-5271
reference_id
reference_type
scores
0
value 0.0041
scoring_system epss
scoring_elements 0.61675
published_at 2026-06-04T12:55:00Z
1
value 0.0041
scoring_system epss
scoring_elements 0.61724
published_at 2026-06-05T12:55:00Z
2
value 0.0041
scoring_system epss
scoring_elements 0.61731
published_at 2026-06-06T12:55:00Z
3
value 0.0041
scoring_system epss
scoring_elements 0.6172
published_at 2026-06-07T12:55:00Z
4
value 0.0041
scoring_system epss
scoring_elements 0.61704
published_at 2026-06-08T12:55:00Z
5
value 0.0041
scoring_system epss
scoring_elements 0.61722
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-5271
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5271
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5271
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633964
reference_id 633964
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633964
fixed_packages
0
url pkg:deb/debian/pacemaker@1.1.7-1
purl pkg:deb/debian/pacemaker@1.1.7-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8dm3-4yzd-pfb8
1
vulnerability VCID-actv-hpv2-auhd
2
vulnerability VCID-dvyn-mjzr-ckhx
3
vulnerability VCID-eq8d-8zkv-r3ft
4
vulnerability VCID-jbc9-ncmw-vqe5
5
vulnerability VCID-pnn4-1bbx-8ygq
6
vulnerability VCID-qxv3-cktn-87d8
7
vulnerability VCID-yuht-cxt6-vyb3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pacemaker@1.1.7-1
aliases CVE-2011-5271
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-81cy-d21j-c7em
1
url VCID-8dm3-4yzd-pfb8
vulnerability_id VCID-8dm3-4yzd-pfb8
summary A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16877.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16877.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-16877
reference_id
reference_type
scores
0
value 0.0004
scoring_system epss
scoring_elements 0.12283
published_at 2026-06-04T12:55:00Z
1
value 0.0004
scoring_system epss
scoring_elements 0.12365
published_at 2026-06-06T12:55:00Z
2
value 0.0004
scoring_system epss
scoring_elements 0.12255
published_at 2026-06-09T12:55:00Z
3
value 0.0004
scoring_system epss
scoring_elements 0.12329
published_at 2026-06-07T12:55:00Z
4
value 0.0004
scoring_system epss
scoring_elements 0.12247
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-16877
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16877
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16877
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1652646
reference_id 1652646
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1652646
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927714
reference_id 927714
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927714
6
reference_url https://security.gentoo.org/glsa/202309-09
reference_id GLSA-202309-09
reference_type
scores
url https://security.gentoo.org/glsa/202309-09
7
reference_url https://access.redhat.com/errata/RHSA-2019:1278
reference_id RHSA-2019:1278
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1278
8
reference_url https://access.redhat.com/errata/RHSA-2019:1279
reference_id RHSA-2019:1279
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1279
9
reference_url https://usn.ubuntu.com/3952-1/
reference_id USN-3952-1
reference_type
scores
url https://usn.ubuntu.com/3952-1/
fixed_packages
0
url pkg:deb/debian/pacemaker@2.0.1-5%2Bdeb10u2
purl pkg:deb/debian/pacemaker@2.0.1-5%2Bdeb10u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-yuht-cxt6-vyb3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pacemaker@2.0.1-5%252Bdeb10u2
aliases CVE-2018-16877
risk_score 4.0
exploitability 0.5
weighted_severity 7.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8dm3-4yzd-pfb8
2
url VCID-actv-hpv2-auhd
vulnerability_id VCID-actv-hpv2-auhd
summary Pacemaker 1.1.10, when remote Cluster Information Base (CIB) configuration or resource management is enabled, does not limit the duration of connections to the blocking sockets, which allows remote attackers to cause a denial of service (connection blocking).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0281.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0281.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-0281
reference_id
reference_type
scores
0
value 0.00669
scoring_system epss
scoring_elements 0.71735
published_at 2026-06-04T12:55:00Z
1
value 0.00669
scoring_system epss
scoring_elements 0.71775
published_at 2026-06-05T12:55:00Z
2
value 0.00669
scoring_system epss
scoring_elements 0.71781
published_at 2026-06-06T12:55:00Z
3
value 0.00669
scoring_system epss
scoring_elements 0.71758
published_at 2026-06-07T12:55:00Z
4
value 0.00669
scoring_system epss
scoring_elements 0.71743
published_at 2026-06-08T12:55:00Z
5
value 0.00669
scoring_system epss
scoring_elements 0.71765
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-0281
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0281
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0281
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700923
reference_id 700923
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700923
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=891922
reference_id 891922
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=891922
5
reference_url https://access.redhat.com/errata/RHSA-2013:1635
reference_id RHSA-2013:1635
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:1635
fixed_packages
0
url pkg:deb/debian/pacemaker@1.1.16-1~bpo8%2B1
purl pkg:deb/debian/pacemaker@1.1.16-1~bpo8%2B1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8dm3-4yzd-pfb8
1
vulnerability VCID-dvyn-mjzr-ckhx
2
vulnerability VCID-eq8d-8zkv-r3ft
3
vulnerability VCID-yuht-cxt6-vyb3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pacemaker@1.1.16-1~bpo8%252B1
aliases CVE-2013-0281
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-actv-hpv2-auhd
3
url VCID-dvyn-mjzr-ckhx
vulnerability_id VCID-dvyn-mjzr-ckhx
summary A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3885.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3885.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-3885
reference_id
reference_type
scores
0
value 0.00143
scoring_system epss
scoring_elements 0.34334
published_at 2026-06-04T12:55:00Z
1
value 0.00143
scoring_system epss
scoring_elements 0.34431
published_at 2026-06-05T12:55:00Z
2
value 0.00143
scoring_system epss
scoring_elements 0.34447
published_at 2026-06-06T12:55:00Z
3
value 0.00143
scoring_system epss
scoring_elements 0.34411
published_at 2026-06-07T12:55:00Z
4
value 0.00143
scoring_system epss
scoring_elements 0.34368
published_at 2026-06-08T12:55:00Z
5
value 0.00143
scoring_system epss
scoring_elements 0.34387
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-3885
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3885
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3885
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1694554
reference_id 1694554
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1694554
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927714
reference_id 927714
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927714
6
reference_url https://security.gentoo.org/glsa/202309-09
reference_id GLSA-202309-09
reference_type
scores
url https://security.gentoo.org/glsa/202309-09
7
reference_url https://access.redhat.com/errata/RHSA-2019:1278
reference_id RHSA-2019:1278
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1278
8
reference_url https://access.redhat.com/errata/RHSA-2019:1279
reference_id RHSA-2019:1279
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1279
9
reference_url https://usn.ubuntu.com/3952-1/
reference_id USN-3952-1
reference_type
scores
url https://usn.ubuntu.com/3952-1/
fixed_packages
0
url pkg:deb/debian/pacemaker@2.0.1-5%2Bdeb10u2
purl pkg:deb/debian/pacemaker@2.0.1-5%2Bdeb10u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-yuht-cxt6-vyb3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pacemaker@2.0.1-5%252Bdeb10u2
aliases CVE-2019-3885
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dvyn-mjzr-ckhx
4
url VCID-eq8d-8zkv-r3ft
vulnerability_id VCID-eq8d-8zkv-r3ft
summary A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16878.json
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16878.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-16878
reference_id
reference_type
scores
0
value 0.00022
scoring_system epss
scoring_elements 0.06446
published_at 2026-06-04T12:55:00Z
1
value 0.00022
scoring_system epss
scoring_elements 0.06475
published_at 2026-06-05T12:55:00Z
2
value 0.00022
scoring_system epss
scoring_elements 0.06467
published_at 2026-06-06T12:55:00Z
3
value 0.00022
scoring_system epss
scoring_elements 0.06458
published_at 2026-06-07T12:55:00Z
4
value 0.00022
scoring_system epss
scoring_elements 0.06412
published_at 2026-06-08T12:55:00Z
5
value 0.00022
scoring_system epss
scoring_elements 0.0642
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-16878
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16878
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16878
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1657962
reference_id 1657962
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1657962
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927714
reference_id 927714
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927714
6
reference_url https://security.gentoo.org/glsa/202309-09
reference_id GLSA-202309-09
reference_type
scores
url https://security.gentoo.org/glsa/202309-09
7
reference_url https://access.redhat.com/errata/RHSA-2019:1278
reference_id RHSA-2019:1278
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1278
8
reference_url https://access.redhat.com/errata/RHSA-2019:1279
reference_id RHSA-2019:1279
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1279
9
reference_url https://usn.ubuntu.com/3952-1/
reference_id USN-3952-1
reference_type
scores
url https://usn.ubuntu.com/3952-1/
fixed_packages
0
url pkg:deb/debian/pacemaker@2.0.1-5%2Bdeb10u2
purl pkg:deb/debian/pacemaker@2.0.1-5%2Bdeb10u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-yuht-cxt6-vyb3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pacemaker@2.0.1-5%252Bdeb10u2
aliases CVE-2018-16878
risk_score 2.8
exploitability 0.5
weighted_severity 5.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eq8d-8zkv-r3ft
5
url VCID-jbc9-ncmw-vqe5
vulnerability_id VCID-jbc9-ncmw-vqe5
summary Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7797.json
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7797.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-7797
reference_id
reference_type
scores
0
value 0.02415
scoring_system epss
scoring_elements 0.85389
published_at 2026-06-04T12:55:00Z
1
value 0.02415
scoring_system epss
scoring_elements 0.85412
published_at 2026-06-07T12:55:00Z
2
value 0.02415
scoring_system epss
scoring_elements 0.85411
published_at 2026-06-09T12:55:00Z
3
value 0.02415
scoring_system epss
scoring_elements 0.85417
published_at 2026-06-06T12:55:00Z
4
value 0.02415
scoring_system epss
scoring_elements 0.85397
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-7797
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7797
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7797
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:C
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1379784
reference_id 1379784
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1379784
5
reference_url https://access.redhat.com/errata/RHSA-2016:2578
reference_id RHSA-2016:2578
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:2578
6
reference_url https://usn.ubuntu.com/3462-1/
reference_id USN-3462-1
reference_type
scores
url https://usn.ubuntu.com/3462-1/
fixed_packages
0
url pkg:deb/debian/pacemaker@1.1.16-1~bpo8%2B1
purl pkg:deb/debian/pacemaker@1.1.16-1~bpo8%2B1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8dm3-4yzd-pfb8
1
vulnerability VCID-dvyn-mjzr-ckhx
2
vulnerability VCID-eq8d-8zkv-r3ft
3
vulnerability VCID-yuht-cxt6-vyb3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pacemaker@1.1.16-1~bpo8%252B1
aliases CVE-2016-7797
risk_score 3.9
exploitability 0.5
weighted_severity 7.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jbc9-ncmw-vqe5
6
url VCID-pnn4-1bbx-8ygq
vulnerability_id VCID-pnn4-1bbx-8ygq
summary An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on the machine.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7035.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7035.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-7035
reference_id
reference_type
scores
0
value 0.00103
scoring_system epss
scoring_elements 0.27693
published_at 2026-06-04T12:55:00Z
1
value 0.00103
scoring_system epss
scoring_elements 0.2776
published_at 2026-06-05T12:55:00Z
2
value 0.00103
scoring_system epss
scoring_elements 0.27709
published_at 2026-06-06T12:55:00Z
3
value 0.00103
scoring_system epss
scoring_elements 0.27671
published_at 2026-06-07T12:55:00Z
4
value 0.00103
scoring_system epss
scoring_elements 0.27622
published_at 2026-06-08T12:55:00Z
5
value 0.00103
scoring_system epss
scoring_elements 0.27629
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-7035
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7035
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7035
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:C/I:C/A:C
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1369732
reference_id 1369732
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1369732
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=843041
reference_id 843041
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=843041
6
reference_url https://security.gentoo.org/glsa/201710-08
reference_id GLSA-201710-08
reference_type
scores
url https://security.gentoo.org/glsa/201710-08
7
reference_url https://access.redhat.com/errata/RHSA-2016:2614
reference_id RHSA-2016:2614
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:2614
8
reference_url https://access.redhat.com/errata/RHSA-2016:2675
reference_id RHSA-2016:2675
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:2675
9
reference_url https://usn.ubuntu.com/3462-1/
reference_id USN-3462-1
reference_type
scores
url https://usn.ubuntu.com/3462-1/
fixed_packages
0
url pkg:deb/debian/pacemaker@1.1.16-1~bpo8%2B1
purl pkg:deb/debian/pacemaker@1.1.16-1~bpo8%2B1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8dm3-4yzd-pfb8
1
vulnerability VCID-dvyn-mjzr-ckhx
2
vulnerability VCID-eq8d-8zkv-r3ft
3
vulnerability VCID-yuht-cxt6-vyb3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pacemaker@1.1.16-1~bpo8%252B1
aliases CVE-2016-7035
risk_score 4.0
exploitability 0.5
weighted_severity 7.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pnn4-1bbx-8ygq
7
url VCID-qxv3-cktn-87d8
vulnerability_id VCID-qxv3-cktn-87d8
summary stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its operations. This is fixed in cluster-glue 1.0.6 and newer, and pacemaker 1.1.3 and newer.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2496.json
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2496.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2010-2496
reference_id
reference_type
scores
0
value 0.00041
scoring_system epss
scoring_elements 0.12667
published_at 2026-06-04T12:55:00Z
1
value 0.00041
scoring_system epss
scoring_elements 0.12753
published_at 2026-06-05T12:55:00Z
2
value 0.00041
scoring_system epss
scoring_elements 0.12757
published_at 2026-06-06T12:55:00Z
3
value 0.00041
scoring_system epss
scoring_elements 0.12718
published_at 2026-06-07T12:55:00Z
4
value 0.00041
scoring_system epss
scoring_elements 0.12637
published_at 2026-06-08T12:55:00Z
5
value 0.00041
scoring_system epss
scoring_elements 0.12668
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2010-2496
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2496
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2496
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1974363
reference_id 1974363
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1974363
fixed_packages
0
url pkg:deb/debian/pacemaker@1.1.16-1~bpo8%2B1
purl pkg:deb/debian/pacemaker@1.1.16-1~bpo8%2B1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8dm3-4yzd-pfb8
1
vulnerability VCID-dvyn-mjzr-ckhx
2
vulnerability VCID-eq8d-8zkv-r3ft
3
vulnerability VCID-yuht-cxt6-vyb3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pacemaker@1.1.16-1~bpo8%252B1
aliases CVE-2010-2496
risk_score 3.5
exploitability 0.5
weighted_severity 7.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qxv3-cktn-87d8
8
url VCID-yuht-cxt6-vyb3
vulnerability_id VCID-yuht-cxt6-vyb3
summary An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25654.json
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25654.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-25654
reference_id
reference_type
scores
0
value 0.00086
scoring_system epss
scoring_elements 0.24839
published_at 2026-06-04T12:55:00Z
1
value 0.00086
scoring_system epss
scoring_elements 0.24934
published_at 2026-06-05T12:55:00Z
2
value 0.00086
scoring_system epss
scoring_elements 0.24923
published_at 2026-06-06T12:55:00Z
3
value 0.00086
scoring_system epss
scoring_elements 0.24866
published_at 2026-06-07T12:55:00Z
4
value 0.00086
scoring_system epss
scoring_elements 0.24808
published_at 2026-06-08T12:55:00Z
5
value 0.00086
scoring_system epss
scoring_elements 0.24816
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-25654
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25654
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25654
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1888191
reference_id 1888191
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1888191
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973254
reference_id 973254
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973254
6
reference_url https://security.gentoo.org/glsa/202309-09
reference_id GLSA-202309-09
reference_type
scores
url https://security.gentoo.org/glsa/202309-09
7
reference_url https://access.redhat.com/errata/RHSA-2020:5423
reference_id RHSA-2020:5423
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5423
8
reference_url https://access.redhat.com/errata/RHSA-2020:5453
reference_id RHSA-2020:5453
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5453
9
reference_url https://access.redhat.com/errata/RHSA-2020:5487
reference_id RHSA-2020:5487
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5487
10
reference_url https://usn.ubuntu.com/4623-1/
reference_id USN-4623-1
reference_type
scores
url https://usn.ubuntu.com/4623-1/
fixed_packages
0
url pkg:deb/debian/pacemaker@2.0.1-5%2Bdeb10u2
purl pkg:deb/debian/pacemaker@2.0.1-5%2Bdeb10u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-yuht-cxt6-vyb3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pacemaker@2.0.1-5%252Bdeb10u2
1
url pkg:deb/debian/pacemaker@2.0.5-2
purl pkg:deb/debian/pacemaker@2.0.5-2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pacemaker@2.0.5-2
aliases CVE-2020-25654
risk_score 3.2
exploitability 0.5
weighted_severity 6.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yuht-cxt6-vyb3
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pacemaker@1.0.9.1%252Bhg15626-1