Vulnerabilities (CVE)

Vendor: Clusterlabs

14 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-10153 2 Clusterlabs, Redhat 4 Fence-agents, Enterprise Linux, Enterprise Linux Server and 1 more 2019-10-09 4.0
A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception. In cluster environments, this could lead to preventing...
CVE-2018-1086 3 Clusterlabs, Debian, Redhat 4 Pacemaker Command Line Interface, Debian Linux, Enterprise Linux and 1 more 2019-10-09 5.0
pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. The REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote...
CVE-2018-1079 2 Clusterlabs, Redhat 2 Pacemaker Command Line Interface, Enterprise Linux 2019-10-09 4.0
pcs before versions 0.9.164 and 0.10 is vulnerable to privilege escalation via a malicious REST call by an authorized user. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/put_file query. If the /etc/booth...
CVE-2017-2661 1 Clusterlabs 1 Pcs 2019-10-09 4.3
ClusterLabs pcs before version 0.9.157 is vulnerable to cross-site scripting due to improper validation of the Node name field when creating a new cluster or adding an existing cluster.
CVE-2016-7035 2 Clusterlabs, Redhat 3 Pacemaker, Enterprise Linux Server, Enterprise Linux Server Eus 2019-10-09 7.2
An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager...
CVE-2018-16877 3 Clusterlabs, Canonical, Fedoraproject 3 Pacemaker, Ubuntu Linux, Fedora 2019-10-03 4.6
A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation.
CVE-2019-12779 1 Clusterlabs 1 Libqb 2019-07-19 6.6
libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames (under /dev/shm and /tmp) without O_EXCL.
CVE-2019-3885 3 Clusterlabs, Canonical, Fedoraproject 3 Pacemaker, Ubuntu Linux, Fedora 2019-05-27 5.0
A use-after-free flaw was found in pacemaker up to and including version 2.0.1, which could result in certain sensitive information being leaked via the system logs.
CVE-2018-16878 3 Clusterlabs, Canonical, Fedoraproject 3 Pacemaker, Ubuntu Linux, Fedora 2019-05-27 2.1
A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS.
CVE-2013-0281 2 Clusterlabs, Redhat 2 Enterprise Linux, Pacemaker 2019-04-22 4.3
Pacemaker 1.1.10, when remote Cluster Information Base (CIB) configuration or resource management is enabled, does not limit the duration of connections to the blocking sockets, which allows remote attackers to cause a denial of service...
CVE-2016-7797 5 Redhat, Suse, Clusterlabs and 2 more 7 Linux Enterprise Software Development Kit, Pacemaker, Leap and 4 more 2018-10-30 5.0
Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection.
CVE-2015-1867 2 Clusterlabs, Redhat 3 Enterprise Linux High Availability, Enterprise Linux Resilient Storage, Pacemaker 2017-10-10 7.5
Pacemaker before 1.1.13 does not properly evaluate added nodes, which allows remote read-only users to gain privileges via an acl command.
CVE-2016-0721 3 Clusterlabs, Fedoraproject, Redhat 3 Enterprise Linux, Fedora, Pcs 2017-04-27 4.3
Session fixation vulnerability in pcsd in pcs before 0.9.157.
CVE-2016-0720 3 Clusterlabs, Fedoraproject, Redhat 3 Enterprise Linux, Fedora, Pcs 2017-04-27 6.8
Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149.