Vulnerabilities > Clusterlabs > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-06 | CVE-2022-2735 | A vulnerability was found in the PCS project. | 7.8 |
| 2022-08-26 | CVE-2021-3020 | Improper Privilege Management vulnerability in Clusterlabs Hawk An issue was discovered in ClusterLabs Hawk (aka HA Web Konsole) through 2.3.0-15. | 8.8 |
| 2022-03-25 | CVE-2022-1049 | A flaw was found in the Pacemaker configuration tool (pcs). | 8.8 |
| 2021-01-12 | CVE-2020-35459 | OS Command Injection vulnerability in multiple products An issue was discovered in ClusterLabs crmsh through 4.2.1. | 7.8 |
| 2020-11-24 | CVE-2020-25654 | An ACL bypass flaw was found in pacemaker. | 7.2 |
| 2019-06-07 | CVE-2019-12779 | Link Following vulnerability in Clusterlabs Libqb libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames (under /dev/shm and /tmp) without O_EXCL. | 7.1 |
| 2019-04-18 | CVE-2019-3885 | Use After Free vulnerability in multiple products A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs. | 7.5 |
| 2019-04-18 | CVE-2018-16877 | A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. | 7.8 |
| 2018-09-10 | CVE-2016-7035 | Improper Authorization vulnerability in multiple products An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. | 7.8 |
| 2018-04-12 | CVE-2018-1086 | Information Exposure vulnerability in multiple products pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. | 7.5 |