Vulnerabilities > Clusterlabs
| Date | CVE | Vulnerability | Description | Score |
|---|---|---|---|---|
| 2022-03-25 | CVE-2022-1049 | Improper Authentication vulnerability in Clusterlabs PCS | A flaw was found in the Pacemaker configuration tool (pcs). | 6.5 |
| 2021-10-18 | CVE-2010-2496 | Improper Authentication vulnerability in Clusterlabs Cluster Glue and Pacemaker | stonith-ng in pacemaker and cluster-glue passed passwords as command-line parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its operations. | 2.1 |
| 2021-01-12 | CVE-2020-35459 | Improper Privilege Management vulnerability in multiple products | An issue was discovered in ClusterLabs crmsh through 4.2.1. | 7.2 |
| 2021-01-12 | CVE-2020-35458 | Code Injection vulnerability in Clusterlabs Hawk 2.2.012/2.3.012 | An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. | 10.0 |
| 2020-11-24 | CVE-2020-25654 | Improper Access Control vulnerability in multiple products | An ACL bypass flaw was found in pacemaker. | 9.0 |
| 2020-01-02 | CVE-2014-0104 | Improper Certificate Validation vulnerability in Clusterlabs Fence-Agents | fence-agents before 4.0.17 does not verify remote SSL certificates in the fence_cisco_ucs.py script, which can potentially allow man-in-the-middle attackers to spoof SSL servers via arbitrary SSL certificates. | 4.3 |
| 2019-11-12 | CVE-2011-5271 | Link Following vulnerability in Clusterlabs Pacemaker | The Pacemaker configure script before 1.1.6 creates temporary files insecurely. | 3.3 |
| 2019-07-30 | CVE-2019-10153 | Encoding Error vulnerability in multiple products | A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception. | 4.0 |
| 2019-06-07 | CVE-2019-12779 | Link Following vulnerability in Clusterlabs Libqb | libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames (under /dev/shm and /tmp) without O_EXCL. | 6.6 |
| 2019-04-18 | CVE-2019-3885 | Use After Free vulnerability in multiple products | A use-after-free flaw was found in pacemaker up to and including version 2.0.1, which could result in certain sensitive information being leaked via the system logs. | 5.0 |