Known Vulnerabilities for Pacemaker by Clusterlabs
Listed below are 10 of the newest known vulnerabilities associated with "Pacemaker" by "Clusterlabs".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2020-25654 | An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could ... | 7.2 - HIGH | 2020-11-24 | 2023-09-29 |
| CVE-2019-3885 | A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive inform... | 7.5 - HIGH | 2019-04-18 | 2023-11-07 |
| CVE-2018-16878 | A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontr... | 5.5 - MEDIUM | 2019-04-18 | 2023-11-07 |
| CVE-2018-16877 | A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A... | 7.8 - HIGH | 2019-04-18 | 2023-11-07 |
| CVE-2016-7797 | Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconn... | 7.5 - HIGH | 2017-03-24 | 2018-10-30 |
| CVE-2016-7035 | An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker wi... | 7.8 - HIGH | 2018-09-10 | 2023-11-07 |
| CVE-2015-1867 | Pacemaker before 1.1.13 does not properly evaluate added nodes, which allows remote read-only users to gain privileges via an... | 7.5 - HIGH | 2015-08-12 | 2023-02-12 |
| CVE-2013-0281 | Pacemaker 1.1.10, when remote Cluster Information Base (CIB) configuration or resource management is enabled, does not limit ... | 4.3 - MEDIUM | 2013-11-23 | 2019-04-22 |
| CVE-2011-5271 | Pacemaker before 1.1.6 configure script creates temporary files insecurely | 5.5 - MEDIUM | 2019-11-12 | 2019-11-14 |
| CVE-2010-2496 | stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it possible for local attackers t... | 5.5 - MEDIUM | 2021-10-18 | 2021-10-21 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Clusterlabs | Pacemaker | 2.0.5 | - | All | All |
| Application | Clusterlabs | Pacemaker | 2.0.5 | rc1 | All | All |
| Application | Clusterlabs | Pacemaker | 2.0.5 | rc2 | All | All |
| Application | Clusterlabs | Pacemaker | 2.0.5 | rc3 | All | All |
| Application | Clusterlabs | Pacemaker | 2.0.4 | - | All | All |
| Application | Clusterlabs | Pacemaker | 2.0.4 | rc1 | All | All |
| Application | Clusterlabs | Pacemaker | 2.0.4 | rc2 | All | All |
| Application | Clusterlabs | Pacemaker | 2.0.4 | rc3 | All | All |
| Application | Clusterlabs | Pacemaker | 2.0.3 | - | All | All |
| Application | Clusterlabs | Pacemaker | 2.0.3 | rc1 | All | All |
| Application | Clusterlabs | Pacemaker | 2.0.3 | rc2 | All | All |
| Application | Clusterlabs | Pacemaker | 2.0.3 | rc3 | All | All |
| Application | Clusterlabs | Pacemaker | 2.0.2 | - | All | All |
| Application | Clusterlabs | Pacemaker | 2.0.2 | rc1 | All | All |
| Application | Clusterlabs | Pacemaker | 2.0.2 | rc2 | All | All |
| Application | Clusterlabs | Pacemaker | 2.0.2 | rc3 | All | All |
| Application | Clusterlabs | Pacemaker | 2.0.1 | - | All | All |
| Application | Clusterlabs | Pacemaker | 2.0.1 | rc1 | All | All |
| Application | Clusterlabs | Pacemaker | 2.0.1 | rc2 | All | All |
| Application | Clusterlabs | Pacemaker | 2.0.1 | rc3 | All | All |