Vulnerabilities > Clusterlabs
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-12 | CVE-2018-1086 | Information Exposure vulnerability in multiple products pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. | 5.0 |
| 2018-03-12 | CVE-2017-2661 | Cross-site Scripting vulnerability in Clusterlabs PCS ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site scripting vulnerability due to improper validation of Node name field when creating new cluster or adding existing cluster. | 4.3 |
| 2017-04-21 | CVE-2016-0721 | Session Fixation vulnerability in multiple products Session fixation vulnerability in pcsd in pcs before 0.9.157. | 8.1 |
| 2017-04-21 | CVE-2016-0720 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149. | 8.8 |
| 2017-03-24 | CVE-2016-7797 | 7PK - Security Features vulnerability in multiple products Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection. | 5.0 |
| 2013-11-23 | CVE-2013-0281 | Resource Management Errors vulnerability in multiple products Pacemaker 1.1.10, when remote Cluster Information Base (CIB) configuration or resource management is enabled, does not limit the duration of connections to the blocking sockets, which allows remote attackers to cause a denial of service (connection blocking). | 4.3 |