Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/516375?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/516375?format=api", "purl": "pkg:deb/debian/pacemaker@1.0.9.1%2Bhg15626-1", "type": "deb", "namespace": "debian", "name": "pacemaker", "version": "1.0.9.1+hg15626-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.0.5-2", "latest_non_vulnerable_version": "2.0.5-2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97489?format=api", "vulnerability_id": "VCID-81cy-d21j-c7em", "summary": "Pacemaker before 1.1.6 configure script creates temporary files insecurely", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-5271.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-5271.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-5271", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61675", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61724", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61731", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.6172", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61704", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61722", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-5271" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5271", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5271" }, { 
"reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633964", "reference_id": "633964", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633964" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/516376?format=api", "purl": "pkg:deb/debian/pacemaker@1.1.7-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8dm3-4yzd-pfb8" }, { "vulnerability": "VCID-actv-hpv2-auhd" }, { "vulnerability": "VCID-dvyn-mjzr-ckhx" }, { "vulnerability": "VCID-eq8d-8zkv-r3ft" }, { "vulnerability": "VCID-jbc9-ncmw-vqe5" }, { "vulnerability": "VCID-pnn4-1bbx-8ygq" }, { "vulnerability": "VCID-qxv3-cktn-87d8" }, { "vulnerability": "VCID-yuht-cxt6-vyb3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pacemaker@1.1.7-1" } ], "aliases": [ "CVE-2011-5271" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-81cy-d21j-c7em" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97494?format=api", "vulnerability_id": "VCID-8dm3-4yzd-pfb8", "summary": "A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. 
A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16877.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16877.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16877", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12283", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12365", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12255", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12329", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12247", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16877" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16877", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16877" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1652646", "reference_id": "1652646", "reference_type": "", "scores": [], "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1652646" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927714", "reference_id": "927714", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927714" }, { "reference_url": "https://security.gentoo.org/glsa/202309-09", "reference_id": "GLSA-202309-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202309-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1278", "reference_id": "RHSA-2019:1278", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1278" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1279", "reference_id": "RHSA-2019:1279", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1279" }, { "reference_url": "https://usn.ubuntu.com/3952-1/", "reference_id": "USN-3952-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3952-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/516379?format=api", "purl": "pkg:deb/debian/pacemaker@2.0.1-5%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yuht-cxt6-vyb3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pacemaker@2.0.1-5%252Bdeb10u2" } ], "aliases": [ "CVE-2018-16877" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8dm3-4yzd-pfb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97490?format=api", "vulnerability_id": "VCID-actv-hpv2-auhd", "summary": "Pacemaker 1.1.10, when remote Cluster Information Base (CIB) configuration or resource management is enabled, does not limit the duration of connections to the blocking sockets, which allows remote attackers to cause a denial of service (connection blocking).", "references": [ { 
"reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0281.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0281.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0281", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71735", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71775", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71781", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71758", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71743", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71765", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0281" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0281", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0281" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700923", "reference_id": "700923", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700923" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=891922", "reference_id": "891922", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=891922" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1635", "reference_id": "RHSA-2013:1635", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1635" } ], "fixed_packages": [ { 
"url": "http://public2.vulnerablecode.io/api/packages/516377?format=api", "purl": "pkg:deb/debian/pacemaker@1.1.16-1~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8dm3-4yzd-pfb8" }, { "vulnerability": "VCID-dvyn-mjzr-ckhx" }, { "vulnerability": "VCID-eq8d-8zkv-r3ft" }, { "vulnerability": "VCID-yuht-cxt6-vyb3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pacemaker@1.1.16-1~bpo8%252B1" } ], "aliases": [ "CVE-2013-0281" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-actv-hpv2-auhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97496?format=api", "vulnerability_id": "VCID-dvyn-mjzr-ckhx", "summary": "A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3885.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3885.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-3885", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34334", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34431", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34447", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34411", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", 
"scoring_elements": "0.34368", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34387", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-3885" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3885", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3885" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694554", "reference_id": "1694554", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694554" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927714", "reference_id": "927714", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927714" }, { "reference_url": "https://security.gentoo.org/glsa/202309-09", "reference_id": "GLSA-202309-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202309-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1278", "reference_id": "RHSA-2019:1278", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1278" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1279", "reference_id": "RHSA-2019:1279", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1279" }, { "reference_url": "https://usn.ubuntu.com/3952-1/", "reference_id": "USN-3952-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3952-1/" } ], 
"fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/516379?format=api", "purl": "pkg:deb/debian/pacemaker@2.0.1-5%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yuht-cxt6-vyb3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pacemaker@2.0.1-5%252Bdeb10u2" } ], "aliases": [ "CVE-2019-3885" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dvyn-mjzr-ckhx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97495?format=api", "vulnerability_id": "VCID-eq8d-8zkv-r3ft", "summary": "A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16878.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16878.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16878", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06446", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06475", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06467", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06458", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06412", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00022", "scoring_system": 
"epss", "scoring_elements": "0.0642", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16878" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16878", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16878" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1657962", "reference_id": "1657962", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1657962" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927714", "reference_id": "927714", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927714" }, { "reference_url": "https://security.gentoo.org/glsa/202309-09", "reference_id": "GLSA-202309-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202309-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1278", "reference_id": "RHSA-2019:1278", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1278" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1279", "reference_id": "RHSA-2019:1279", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1279" }, { "reference_url": "https://usn.ubuntu.com/3952-1/", "reference_id": "USN-3952-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3952-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/516379?format=api", "purl": 
"pkg:deb/debian/pacemaker@2.0.1-5%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yuht-cxt6-vyb3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pacemaker@2.0.1-5%252Bdeb10u2" } ], "aliases": [ "CVE-2018-16878" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eq8d-8zkv-r3ft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97493?format=api", "vulnerability_id": "VCID-jbc9-ncmw-vqe5", "summary": "Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7797.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7797.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7797", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02415", "scoring_system": "epss", "scoring_elements": "0.85389", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02415", "scoring_system": "epss", "scoring_elements": "0.85412", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.02415", "scoring_system": "epss", "scoring_elements": "0.85411", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.02415", "scoring_system": "epss", "scoring_elements": "0.85417", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02415", "scoring_system": "epss", "scoring_elements": "0.85397", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7797" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7797", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7797" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:C" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1379784", "reference_id": "1379784", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1379784" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2578", "reference_id": "RHSA-2016:2578", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2578" }, { "reference_url": "https://usn.ubuntu.com/3462-1/", "reference_id": "USN-3462-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3462-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/516377?format=api", "purl": "pkg:deb/debian/pacemaker@1.1.16-1~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8dm3-4yzd-pfb8" }, { "vulnerability": "VCID-dvyn-mjzr-ckhx" }, { "vulnerability": "VCID-eq8d-8zkv-r3ft" }, { "vulnerability": "VCID-yuht-cxt6-vyb3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pacemaker@1.1.16-1~bpo8%252B1" } ], "aliases": [ "CVE-2016-7797" ], "risk_score": 3.9, "exploitability": "0.5", "weighted_severity": "7.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jbc9-ncmw-vqe5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97492?format=api", "vulnerability_id": "VCID-pnn4-1bbx-8ygq", "summary": "An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly 
guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on the machine.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7035.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7035.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7035", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.27693", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.2776", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.27709", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.27671", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.27622", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.27629", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7035" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7035", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7035" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:C/I:C/A:C" } ], "url": 
"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369732", "reference_id": "1369732", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369732" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=843041", "reference_id": "843041", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=843041" }, { "reference_url": "https://security.gentoo.org/glsa/201710-08", "reference_id": "GLSA-201710-08", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-08" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2614", "reference_id": "RHSA-2016:2614", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2614" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2675", "reference_id": "RHSA-2016:2675", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2675" }, { "reference_url": "https://usn.ubuntu.com/3462-1/", "reference_id": "USN-3462-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3462-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/516377?format=api", "purl": "pkg:deb/debian/pacemaker@1.1.16-1~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8dm3-4yzd-pfb8" }, { "vulnerability": "VCID-dvyn-mjzr-ckhx" }, { "vulnerability": "VCID-eq8d-8zkv-r3ft" }, { "vulnerability": "VCID-yuht-cxt6-vyb3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pacemaker@1.1.16-1~bpo8%252B1" } ], "aliases": [ "CVE-2016-7035" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pnn4-1bbx-8ygq" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/65226?format=api", "vulnerability_id": "VCID-qxv3-cktn-87d8", "summary": "stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its operations. This is fixed in cluster-glue 1.0.6 and newer, and pacemaker 1.1.3 and newer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2496.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2496.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2496", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12667", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12753", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12757", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12718", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12637", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12668", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2496" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2496", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2496" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1974363", 
"reference_id": "1974363", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1974363" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/516377?format=api", "purl": "pkg:deb/debian/pacemaker@1.1.16-1~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8dm3-4yzd-pfb8" }, { "vulnerability": "VCID-dvyn-mjzr-ckhx" }, { "vulnerability": "VCID-eq8d-8zkv-r3ft" }, { "vulnerability": "VCID-yuht-cxt6-vyb3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pacemaker@1.1.16-1~bpo8%252B1" } ], "aliases": [ "CVE-2010-2496" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qxv3-cktn-87d8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97497?format=api", "vulnerability_id": "VCID-yuht-cxt6-vyb3", "summary": "An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25654.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25654.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25654", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24839", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24934", "published_at": "2026-06-05T12:55:00Z" }, { "value": 
"0.00086", "scoring_system": "epss", "scoring_elements": "0.24923", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24866", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24808", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24816", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25654" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25654", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25654" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1888191", "reference_id": "1888191", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1888191" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973254", "reference_id": "973254", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973254" }, { "reference_url": "https://security.gentoo.org/glsa/202309-09", "reference_id": "GLSA-202309-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202309-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5423", "reference_id": "RHSA-2020:5423", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5423" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5453", "reference_id": 
"RHSA-2020:5453", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5453" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5487", "reference_id": "RHSA-2020:5487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5487" }, { "reference_url": "https://usn.ubuntu.com/4623-1/", "reference_id": "USN-4623-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4623-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/516379?format=api", "purl": "pkg:deb/debian/pacemaker@2.0.1-5%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yuht-cxt6-vyb3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pacemaker@2.0.1-5%252Bdeb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/534006?format=api", "purl": "pkg:deb/debian/pacemaker@2.0.5-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pacemaker@2.0.5-2" } ], "aliases": [ "CVE-2020-25654" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yuht-cxt6-vyb3" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pacemaker@1.0.9.1%252Bhg15626-1" }