Filtered by vendor Clusterlabs
Subscribe
Total
27 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-2661 | 1 Clusterlabs | 1 Pcs | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site scripting vulnerability due to improper validation of Node name field when creating new cluster or adding existing cluster. | |||||
CVE-2018-1079 | 2 Clusterlabs, Redhat | 2 Pacemaker Command Line Interface, Enterprise Linux | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/put_file query. If the /etc/booth directory exists, an authenticated attacker with write permissions could create or overwrite arbitrary files with arbitrary data outside of the /etc/booth directory, in the context of the pcsd process. | |||||
CVE-2016-0720 | 3 Clusterlabs, Fedoraproject, Redhat | 3 Pcs, Fedora, Enterprise Linux | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149. | |||||
CVE-2016-7797 | 5 Clusterlabs, Opensuse, Opensuse Project and 2 more | 7 Pacemaker, Leap, Leap and 4 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection. | |||||
CVE-2016-0721 | 3 Clusterlabs, Fedoraproject, Redhat | 3 Pcs, Fedora, Enterprise Linux | 2024-02-04 | 4.3 MEDIUM | 8.1 HIGH |
Session fixation vulnerability in pcsd in pcs before 0.9.157. | |||||
CVE-2015-1867 | 2 Clusterlabs, Redhat | 3 Pacemaker, Enterprise Linux High Availability, Enterprise Linux Resilient Storage | 2024-02-04 | 7.5 HIGH | N/A |
Pacemaker before 1.1.13 does not properly evaluate added nodes, which allows remote read-only users to gain privileges via an acl command. | |||||
CVE-2013-0281 | 2 Clusterlabs, Redhat | 2 Pacemaker, Enterprise Linux | 2024-02-04 | 4.3 MEDIUM | N/A |
Pacemaker 1.1.10, when remote Cluster Information Base (CIB) configuration or resource management is enabled, does not limit the duration of connections to the blocking sockets, which allows remote attackers to cause a denial of service (connection blocking). |