Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Clusterlabs Subscribe
Total 26 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-1086 3 Clusterlabs, Debian, Redhat 3 Pacemaker Command Line Interface, Debian Linux, Enterprise Linux Server Eus 2023-12-10 5.0 MEDIUM 7.5 HIGH
pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to elevate their privilege.
CVE-2016-0721 3 Clusterlabs, Fedoraproject, Redhat 3 Pcs, Fedora, Enterprise Linux 2023-12-10 4.3 MEDIUM 8.1 HIGH
Session fixation vulnerability in pcsd in pcs before 0.9.157.
CVE-2016-0720 3 Clusterlabs, Fedoraproject, Redhat 3 Pcs, Fedora, Enterprise Linux 2023-12-10 6.8 MEDIUM 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149.
CVE-2016-7797 5 Clusterlabs, Opensuse, Opensuse Project and 2 more 7 Pacemaker, Leap, Leap and 4 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection.
CVE-2015-1867 2 Clusterlabs, Redhat 3 Pacemaker, Enterprise Linux High Availability, Enterprise Linux Resilient Storage 2023-12-10 7.5 HIGH N/A
Pacemaker before 1.1.13 does not properly evaluate added nodes, which allows remote read-only users to gain privileges via an acl command.
CVE-2013-0281 2 Clusterlabs, Redhat 2 Pacemaker, Enterprise Linux 2023-12-10 4.3 MEDIUM N/A
Pacemaker 1.1.10, when remote Cluster Information Base (CIB) configuration or resource management is enabled, does not limit the duration of connections to the blocking sockets, which allows remote attackers to cause a denial of service (connection blocking).