Vulnerabilities > Clusterlabs

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-06 | CVE-2024-3049 | A flaw was found in Booth, a cluster ticket manager. | network; high complexity; clusterlabs redhat; 5.9 |
| 2023-08-08 | CVE-2023-39976 | Classic Buffer Overflow vulnerability in Clusterlabs Libqb: log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages because the header size is not considered. | network; low complexity; clusterlabs CWE-120; critical; 9.8 |
| 2023-05-17 | CVE-2023-2319 | It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red Hat Enterprise Linux 9.2 failed to include the fix for the Webpack issue CVE-2023-28154 (for PCS package), which was previously addressed in Red Hat Enterprise Linux 9.1 via erratum RHSA-2023:1591. | network; low complexity; clusterlabs redhat; critical; 9.8 |
| 2022-09-06 | CVE-2022-2735 | A vulnerability was found in the PCS project. | local; low complexity; clusterlabs debian; 7.8 |
| 2022-08-26 | CVE-2021-3020 | Improper Privilege Management vulnerability in Clusterlabs Hawk: An issue was discovered in ClusterLabs Hawk (aka HA Web Konsole) through 2.3.0-15. | network; low complexity; clusterlabs CWE-269; 8.8 |
| 2022-07-28 | CVE-2022-2553 | The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. | network; low complexity; clusterlabs debian fedoraproject; 6.5 |
| 2022-03-25 | CVE-2022-1049 | A flaw was found in the Pacemaker configuration tool (pcs). | network; low complexity; clusterlabs debian; 8.8 |
| 2021-10-18 | CVE-2010-2496 | Improper Authentication vulnerability in Clusterlabs Cluster Glue and Pacemaker: stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its operations. | local; low complexity; clusterlabs CWE-287; 5.5 |
| 2021-01-12 | CVE-2020-35459 | OS Command Injection vulnerability in multiple products: An issue was discovered in ClusterLabs crmsh through 4.2.1. | local; low complexity; clusterlabs debian CWE-78; 7.8 |
| 2021-01-12 | CVE-2020-35458 | OS Command Injection vulnerability in Clusterlabs Hawk 2.2.012/2.3.012: An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. | network; low complexity; clusterlabs CWE-78; critical; 9.8 |