Known Vulnerabilities for products from Clusterlabs
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Clusterlabs".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-39976 | log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages because the header size is not considered... | 9.8 - CRITICAL | 2023-08-08 | 2023-11-07 |
| CVE-2023-2319 | It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red Hat Enterprise Linux 9.2 f... | 9.8 - CRITICAL | 2023-05-17 | 2023-05-26 |
| CVE-2022-2735 | A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for intern... | 7.8 - HIGH | 2022-09-06 | 2024-01-25 |
| CVE-2022-2553 | The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to n... | 6.5 - MEDIUM | 2022-07-28 | 2023-11-07 |
| CVE-2022-1049 | A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with e... | 8.8 - HIGH | 2022-03-25 | 2023-12-14 |
| CVE-2021-3020 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2022-08-26 | 2023-08-08 |
| CVE-2020-35459 | An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" (when "crm" is run) we... | 7.8 - HIGH | 2021-01-12 | 2021-07-21 |
| CVE-2020-35458 | An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. There is a Ruby shell code injection issue via the hawk_reme... | 9.8 - CRITICAL | 2021-01-12 | 2021-07-21 |
| CVE-2020-25654 | An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could ... | 7.2 - HIGH | 2020-11-24 | 2023-09-29 |
| CVE-2019-12779 | libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filename... | 7.1 - HIGH | 2019-06-07 | 2021-07-03 |
| CVE-2019-10153 | A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or ot... | 5 - MEDIUM | 2019-07-30 | 2023-02-02 |
| CVE-2019-3885 | A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive inform... | 7.5 - HIGH | 2019-04-18 | 2023-11-07 |
| CVE-2018-16878 | A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontr... | 5.5 - MEDIUM | 2019-04-18 | 2023-11-07 |
| CVE-2018-16877 | A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A... | 7.8 - HIGH | 2019-04-18 | 2023-11-07 |
| CVE-2018-1086 | pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service di... | 7.5 - HIGH | 2018-04-12 | 2019-10-09 |
| CVE-2018-1079 | pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST... | 6.5 - MEDIUM | 2018-04-12 | 2019-10-09 |
| CVE-2017-2661 | ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site scripting vulnerability due to improper validation of No... | 6.1 - MEDIUM | 2018-03-12 | 2019-10-09 |
| CVE-2016-7797 | Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconn... | 7.5 - HIGH | 2017-03-24 | 2018-10-30 |
| CVE-2016-7035 | An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker wi... | 7.8 - HIGH | 2018-09-10 | 2023-11-07 |
| CVE-2016-0721 | Session fixation vulnerability in pcsd in pcs before 0.9.157. | 8.1 - HIGH | 2017-04-21 | 2023-02-12 |
Known software with vulnerabilities from Clusterlabs
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Clusterlabs | Crmsh | 1.2.0 |
| Application | Clusterlabs | Fence-agents | - |
| Application | Clusterlabs | Hawk | 0.1.1 |
| Application | Clusterlabs | Libqb | 0.1.0 |
| Application | Clusterlabs | Pacemaker | 0.6.0 |
| Application | Clusterlabs | Pacemaker Command Line Interface | 0.10.0 |
| Application | Clusterlabs | Pcs | 0.10.1 |