pcs-snmp (AlmaLinux:9) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the AlmaLinux:9 package pcs-snmp, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (19)
CVE-2023-28154 — CVSS 9.8 (critical): Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker…
CVE-2023-2319 — CVSS 9.8 (critical): It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red Hat Enterprise Linux 9.2 failed to…
CVE-2022-45442 — CVSS 8.8 (high): Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0…
CVE-2022-1049 — CVSS 8.8 (high): A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired…
CVE-2026-4800 — CVSS 8.1 (high): Impact: The fix for CVE-2021-23337 (https://github.com/advisories/GHSA-35jh-r3h4-6jhm) added validation for the variable option in…
CVE-2022-2735 — CVSS 7.8 (high): A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal…
CVE-2023-27530 — CVSS 7.5 (high): A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could…
CVE-2022-29970 — CVSS 7.5 (high): Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.
CVE-2025-59830 — CVSS 7.5 (high): Rack is a modular Ruby web server interface. Prior to version 2.2.18, Rack::QueryParser enforces its params_limit only for parameters…
CVE-2025-61770 — CVSS 7.5 (high): Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, `Rack::Multipart::Parser` buffers the entire…
CVE-2025-61771 — CVSS 7.5 (high): Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, ``Rack::Multipart::Parser` stores non-file…
CVE-2025-61772 — CVSS 7.5 (high): Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, `Rack::Multipart::Parser` can accumulate…
CVE-2025-61919 — CVSS 7.5 (high): Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, `Rack::Request#POST` reads the entire request…
CVE-2024-26141 — CVSS 5.8 (medium): Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large…
CVE-2024-25126 — CVSS 5.3 (medium): Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack’s media type parser to take much…
CVE-2024-26146 — CVSS 5.3 (medium): Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected…
CVE-2025-13465 — CVSS 5.3 (medium): Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass…