汇总 linux-ha 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
已披露问题常与 路径处理缺陷、缓冲区溢出与拒绝服务 相关,可能在 生产负载与软件部署 场景中带来 文件覆盖 等暴露风险。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2015-1198 | Multiple directory traversal vulnerabilities in ha 0.999p+dfsg-5. | [email protected] | 7.5 | 3.32% | 2017-08-28 | 2026-05-13 |
| CVE-2010-3389 | The (1) SAPDatabase and (2) SAPInstance scripts in OCF Resource Agents (aka resource-agents or cluster-agents) 1.0.3 in Linux-HA place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | [email protected] | 6.9 | 0.42% | 2010-10-20 | 2026-04-29 |
| CVE-2007-4205 | XHA (Linux-HA) on the BlueCat Networks Adonis DNS/DHCP Appliance 5.0.2.8 allows remote attackers to cause a denial of service (heartbeat control process crash) via a UDP packet to port 694. NOTE: this may be the same as CVE-2006-3121. | [email protected] | 7.1 | 2.51% | 2007-08-08 | 2026-04-23 |
| CVE-2006-3815 | heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in a shmget call for shared memory, which allows local users to cause an unspecified denial of service via unknown vectors, possibly during a short time window on startup. | [email protected] | 2.1 | 0.76% | 2006-07-25 | 2026-04-16 |
| CVE-2002-1215 | Multiple format string vulnerabilities in heartbeat 0.4.9 and earlier (claimed as buffer overflows in some sources) allow remote attackers to execute arbitrary code via certain packets to UDP port 694 (incorrectly claimed as TCP in some sources). | [email protected] | 10.0 | 6.33% | 2002-10-28 | 2026-04-16 |