EUVD-2021-10123

Malware in sbrugna...

CVE-2021-22995

On all 7.x and 6.x versions fixed in 8.0.0, BIG-IQ high availability HA when using a Quorum device for automatic failover does not implement any form of authentication with the Corosync daemon. Note: Software versions which have reached End of Software Development EoSD are not evaluated...

pcs security update

0.10.18-2.0.1 - Replace HAM-logo.png with a generic one 0.10.18-2 - Fixed CVE-2024-25126, CVE-2024-26141, CVE-2024-26146 in bundled dependency rack Resolves: RHEL-26445, RHEL-26447, RHEL-26449 0.10.18-1 - Rebased to the latest sources see CHANGELOG.md Resolves: RHEL-7741 0.10.17-6 - Rebased to th...

corosync-qdevice bug fix and enhancement update

An update is available for corosync-qdevice. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The corosync-qdevice package contains the Corosync Cluster Engine...

pcs security update

0.10.14-5.0.1 - Replace HAM-logo.png with a generic one 0.10.14-5 - Fixed ruby socket permissions - Resolves: rhbz2116838 0.10.14-4 - Fixed enable sbd from webui - Resolves: rhbz2117650 0.10.14-3 - Fixed pcs quorum device remove - Resolves: rhbz2115326 0.10.14-2 - Fixed booth ticket mode value ca...

CVE-2021-23005

On all 7.x and 6.x versions fixed in 8.0.0, when using a Quorum device for BIG-IQ high availability HA for automatic failover, BIG-IQ does not make use of Transport Layer Security TLS with the Corosync protocol. Note: Software versions which have reached End of Software Development EoSD are not...

CVE-2021-23005

On all 7.x and 6.x versions fixed in 8.0.0, when using a Quorum device for BIG-IQ high availability HA for automatic failover, BIG-IQ does not make use of Transport Layer Security TLS with the Corosync protocol. Note: Software versions which have reached End of Software Development EoSD are not...

CVE-2021-23005

The CVE-2021-23005 issue affects BIG-IQ high-availability (HA) when using a Quorum device for automatic failover; TLS is not used with the Corosync protocol, exposing in-transit data to potential eavesdropping/modification. Affected BIG-IQ HA versions are 7.x and 6.x; this is fixed in BIG-IQ 8.0....

CVE-2021-23005

On all 7.x and 6.x versions fixed in 8.0.0, when using a Quorum device for BIG-IQ high availability HA for automatic failover, BIG-IQ does not make use of Transport Layer Security TLS with the Corosync protocol. Note: Software versions which have reached End of Software Development EoSD are not...

CVE-2021-22995

On all 7.x and 6.x versions fixed in 8.0.0, BIG-IQ high availability HA when using a Quorum device for automatic failover does not implement any form of authentication with the Corosync daemon. Note: Software versions which have reached End of Software Development EoSD are not evaluated...

Authentication flaw

On all 7.x and 6.x versions fixed in 8.0.0, BIG-IQ high availability HA when using a Quorum device for automatic failover does not implement any form of authentication with the Corosync daemon. Note: Software versions which have reached End of Software Development EoSD are not evaluated...

CVE-2021-22995

CVE-2021-22995 concerns BIG-IQ high availability (HA) when using a Quorum device for automatic failover. The root cause is that the Corosync daemon authentication is not implemented, allowing unauthenticated interaction in affected setups. Applicable products: BIG-IQ HA configurations (7.x/6.x li...

Vulnerabilities fixed in F5 BIG-IQ

F5 has fixed vulnerabilities in BIG-IQ. A malicious person at remote can exploit the vulnerabilities to perform a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application being visited. In addition, a malicious...