CVE-2016-7797 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 84%

Affected Products (NVD)

Vendor	Product	Version
clusterlabs	pacemaker	𝑥 ≤ 1.1.14
opensuse	leap	42.2
opensuse_project	leap	42.1
redhat	enterprise_linux_high_availability	7.0
redhat	enterprise_linux_resilient_storage	7.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

pacemaker

bookworm	2.1.5-1+deb12u1 fixed
bullseye	2.0.5-2 fixed
sid	2.1.8-1 fixed
trixie	2.1.8-1 fixed
wheezy	not-affected

Ubuntu Releases

Ubuntu Product

Codename

pacemaker

artful	not-affected
precise	ignored
trusty	dne
xenial	Fixed 1.1.14-2ubuntu1.2 released
yakkety	not-affected
zesty	not-affected

Common Weakness Enumeration

CWE-254 -

References

http://bugs.clusterlabs.org/show_bug.cgi?id=5269

http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00038.html

http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00001.html

http://lists.opensuse.org/opensuse-updates/2016-12/msg00077.html

http://rhn.redhat.com/errata/RHSA-2016-2578.html

http://www.openwall.com/lists/oss-security/2016/10/01/1

http://www.securityfocus.com/bid/93261

https://github.com/ClusterLabs/pacemaker/commit/5ec24a2642bd0854b884d1a9b51d12371373b410

http://bugs.clusterlabs.org/show_bug.cgi?id=5269

http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00038.html

http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00001.html

http://lists.opensuse.org/opensuse-updates/2016-12/msg00077.html

http://rhn.redhat.com/errata/RHSA-2016-2578.html

http://www.openwall.com/lists/oss-security/2016/10/01/1

http://www.securityfocus.com/bid/93261

https://github.com/ClusterLabs/pacemaker/commit/5ec24a2642bd0854b884d1a9b51d12371373b410