Vulnerabilities > Clusterlabs > Pacemaker
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-18 | CVE-2010-2496 | Improper Authentication vulnerability in Clusterlabs Cluster Glue and Pacemaker stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its operations. | 2.1 |
| 2020-11-24 | CVE-2020-25654 | An ACL bypass flaw was found in pacemaker. | 7.2 |
| 2019-11-12 | CVE-2011-5271 | Link Following vulnerability in Clusterlabs Pacemaker Pacemaker before 1.1.6 configure script creates temporary files insecurely | 3.3 |
| 2019-04-18 | CVE-2019-3885 | Use After Free vulnerability in multiple products A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs. | 7.5 |
| 2019-04-18 | CVE-2018-16878 | Resource Exhaustion vulnerability in multiple products A flaw was found in pacemaker up to and including version 2.0.1. | 5.5 |
| 2019-04-18 | CVE-2018-16877 | A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. | 7.8 |
| 2018-09-10 | CVE-2016-7035 | Improper Authorization vulnerability in multiple products An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. | 7.8 |
| 2017-03-24 | CVE-2016-7797 | 7PK - Security Features vulnerability in multiple products Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection. | 5.0 |
| 2013-11-23 | CVE-2013-0281 | Resource Management Errors vulnerability in multiple products Pacemaker 1.1.10, when remote Cluster Information Base (CIB) configuration or resource management is enabled, does not limit the duration of connections to the blocking sockets, which allows remote attackers to cause a denial of service (connection blocking). | 4.3 |