Vulnerabilities > Clusterlabs

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2023-08-08 | CVE-2023-39976 | Classic Buffer Overflow vulnerability in Clusterlabs Libqb | log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages because the header size is not considered. | network | low | clusterlabs | CWE-120 | critical 9.8 |
| 2023-05-17 | CVE-2023-2319 | | It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red Hat Enterprise Linux 9.2 failed to include the fix for the Webpack issue CVE-2023-28154 (for PCS package), which was previously addressed in Red Hat Enterprise Linux 9.1 via erratum RHSA-2023:1591. | network | low | clusterlabs, redhat | | critical 9.8 |
| 2022-09-06 | CVE-2022-2735 | Incorrect Default Permissions vulnerability in multiple products | A vulnerability was found in the PCS project. | local | low | clusterlabs, debian | CWE-276 | 7.8 |
| 2022-08-26 | CVE-2021-3020 | Improper Privilege Management vulnerability in Clusterlabs Hawk | An issue was discovered in ClusterLabs Hawk (aka HA Web Konsole) through 2.3.0-15. | network | low | clusterlabs | CWE-269 | 8.8 |
| 2022-07-28 | CVE-2022-2553 | Improper Authentication vulnerability in multiple products | The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. | network | low | clusterlabs, debian, fedoraproject | CWE-287 | 6.5 |
| 2022-03-25 | CVE-2022-1049 | Improper Authentication vulnerability in multiple products | A flaw was found in the Pacemaker configuration tool (pcs). | network | low | clusterlabs, debian | CWE-287 | 8.8 |
| 2021-10-18 | CVE-2010-2496 | Improper Authentication vulnerability in Clusterlabs Cluster Glue and Pacemaker | stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its operations. | local | low | clusterlabs | CWE-287 | 2.1 |
| 2021-01-12 | CVE-2020-35459 | Improper Privilege Management vulnerability in multiple products | An issue was discovered in ClusterLabs crmsh through 4.2.1. | local | low | clusterlabs, debian | CWE-269 | 7.2 |
| 2021-01-12 | CVE-2020-35458 | Code Injection vulnerability in Clusterlabs Hawk 2.2.012/2.3.012 | An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. | network | low | clusterlabs | CWE-94 | critical 10.0 |
| 2020-11-24 | CVE-2020-25654 | | An ACL bypass flaw was found in pacemaker. | network | low | clusterlabs, debian | | 7.2 |