Download
| Alert*
oval:org.secpod.oval:def:115629
keepalived is installed oval:org.secpod.oval:def:704631 keepalived is installed oval:org.secpod.oval:def:55316 keepalived: Failover and monitoring daemon for LVS clusters Keepalived could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:1801278 CVE-2018-19044: kkeepalived before version 2.0.9 didn"t check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/k ... oval:org.secpod.oval:def:1801279 keepalived is installed oval:org.secpod.oval:def:3301162 SUSE Security Update: Security update for keepalived oval:org.secpod.oval:def:1900100 keepalived 2.0.8 didn"t check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a file with the expected name , with read access for the attacker and write access for the keepalived process, then this pot ... oval:org.secpod.oval:def:115628 Keepalived provides simple and robust facilities for load balancing and high availability to Linux system and Linux based infrastructures. The load balancing framework relies on well-known and widely used Linux Virtual Server kernel module providing Layer4 load balancing. Keepalived implements a se ... oval:org.secpod.oval:def:1900121 keepalived 2.0.8 used mode 0666 when creating new temporary files upon a call to PrintData or PrintStats, potentially leaking sensitive information. oval:org.secpod.oval:def:503281 The keepalived utility provides simple and robust facilities for load balancing and high availability. The load balancing framework relies on the well-known and widely used IP Virtual Server kernel module providing layer-4 load balancing. Keepalived implements a set of checkers to dynamically and ... oval:org.secpod.oval:def:205287 The keepalived utility provides simple and robust facilities for load balancing and high availability. The load balancing framework relies on the well-known and widely used IP Virtual Server kernel module providing layer-4 load balancing. Keepalived implements a set of checkers to dynamically and ... oval:org.secpod.oval:def:1900039 keepalived 2.0.8 didn"t check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to0, as demonstrated by a symlink from /tmp/keepalived.data or/tmp/keepalived. ... oval:org.secpod.oval:def:2001076 keepalived 2.0.8 didn"t check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a file with the expected name , with read access for the attacker and write access for the keepalived process, then this pot ... oval:org.secpod.oval:def:2000588 keepalived 2.0.8 didn"t check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalive ... oval:org.secpod.oval:def:2001485 keepalived 2.0.8 used mode 0666 when creating new temporary files upon a call to PrintData or PrintStats, potentially leaking sensitive information. oval:org.secpod.oval:def:1505668 [2.1.5-8] - Fix DBus policy restrictions [2.1.5-7] - Fix log-facility option oval:org.secpod.oval:def:704970 keepalived: Failover and monitoring daemon for LVS clusters Keepalived could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:1900149 keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes result ing in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap. oval:org.secpod.oval:def:205138 The keepalived utility provides simple and robust facilities for load balancing and high availability. The load balancing framework relies on the well-known and widely used IP Virtual Server kernel module providing layer-4 load balancing. Keepalived implements a set of checkers to dynamically and ... oval:org.secpod.oval:def:1700119 Heap-based buffer overflow vulnerability in extract_status_code function in lib/html.c that parses HTTP status code returned from web server allows malicious web server or man-in-the-middle attacker pretending to be a web server to cause either a denial of service or potentially execute arbitrary co ... oval:org.secpod.oval:def:502589 The keepalived utility provides simple and robust facilities for load balancing and high availability. The load balancing framework relies on the well-known and widely used IP Virtual Server kernel module providing layer-4 load balancing. Keepalived implements a set of checkers to dynamically and ... oval:org.secpod.oval:def:2000379 keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap. |