Every CVE whose affected-product data names Clusterlabs Pacemaker, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2016-7035 — CVSS 8.8 (high): An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an…
CVE-2018-16877 — CVSS 7.8 (high): A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local…
CVE-2016-7797 — CVSS 7.5 (high): Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an…
CVE-2015-1867 — CVSS 7.5 (high): Pacemaker before 1.1.13 does not properly evaluate added nodes, which allows remote read-only users to gain privileges via an acl command.
CVE-2020-25654 — CVSS 7.2 (high): An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC…
CVE-2018-16878 — CVSS 5.5 (medium): A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled…
CVE-2010-2496 — CVSS 5.5 (medium): stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it possible for local attackers to gain access…
CVE-2013-0281 — CVSS 4.3 (medium): Pacemaker 1.1.10, when remote Cluster Information Base (CIB) configuration or resource management is enabled, does not limit the duration…
CVE-2019-3885 — CVSS 3.3 (low): A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be…