Keepalived
By the Year
In 2024 there have been 0 vulnerabilities in Keepalived . Keepalived did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 0 | 0.00 |
2022 | 0 | 0.00 |
2021 | 1 | 5.40 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 4 | 6.68 |
It may take a day or so for new Keepalived vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Keepalived Security Vulnerabilities
In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination
CVE-2021-44225
5.4 - Medium
- November 26, 2021
In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property
keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats
CVE-2018-19044
4.7 - Medium
- November 08, 2018
keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd.
insecure temporary file
keepalived 2.0.8 used mode 0666 when creating new temporary files upon a call to PrintData or PrintStats
CVE-2018-19045
7.5 - High
- November 08, 2018
keepalived 2.0.8 used mode 0666 when creating new temporary files upon a call to PrintData or PrintStats, potentially leaking sensitive information.
Information Disclosure
keepalived 2.0.8 didn't check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats
CVE-2018-19046
4.7 - Medium
- November 08, 2018
keepalived 2.0.8 didn't check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a file with the expected name (e.g., /tmp/keepalived.data or /tmp/keepalived.stats), with read access for the attacker and write access for the keepalived process, then this potentially leaked sensitive information.
Information Disclosure
keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact
CVE-2018-19115
9.8 - Critical
- November 08, 2018
keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap.
Memory Corruption
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Red Hat Enterprise Linux Workstation or by Keepalived? Click the Watch button to subscribe.