52 matches found
EUVD-2017-11809
Malware in sbrugna...
EUVD-2021-26373
Malware in sbrugna...
EUVD-2022-3345
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-35459
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call crm history when crm is run were able to execute commands via shell cod...
CVE-2021-3020
An issue was discovered in ClusterLabs Hawk aka HA Web Konsole through 2.3.0-15. It ships the binary hawkinvoke built from tools/hawkinvoke.c, intended to be used as a setuid program. This allows the hacluster user to invoke certain commands as root with an attempt to limit this to safe...
CVE-2020-35458
An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. There is a Ruby shell code injection issue via the hawkremembermeid parameter in the loginfromcookie cookie. The user logout routine could be used by unauthenticated remote attackers to execute code as hauser...
CVE-2020-35459
An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" when "crm" is run were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges...
Linux Distros Unpatched Vulnerability : CVE-2017-2661
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site scripting vulnerability due to improper validation of Node name field when creating new...
RHEL 7 : pcs (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - rubygem-json: Unsafe object creation vulnerability in JSON CVE-2020-10663 - ClusterLabs pcs before versio...
RHEL 6 : pcs (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - pcs: Cross-Site Request Forgery in web UI CVE-2016-0720 - Session fixation vulnerability in pcsd in pcs...
RHEL 7 : pcs (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - pcs: improper authentication via PAM CVE-2022-1049 - ClusterLabs pcs before version 0.9.157 is vulnerable...
SUSE SLES12 Security Update : hawk2 (SUSE-SU-2021:0192-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2021:0192-1 advisory. hawk2 was updated to version 2.5. Security issue fixed: - Fixed another possible code execution vulnerability in the controller code bsc1179998. Tenabl...
SUSE SLES15 Security Update : hawk2 (SUSE-SU-2021:0200-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2021:0200-1 advisory. hawk2 was updated to version 2.4.0+git.1611141202.2fe6369e. Security issue fixed: - Fixed another possible code execution vulnerability in t...
SUSE SLES12 Security Update : hawk2 (SUSE-SU-2021:0198-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2021:0198-1 advisory. hawk2 was updated to version 2.5. Security issue fixed: - Fixed another possible code execution vulnerability in the controller code bsc1179998. Tenabl...
SUSE SLES12 Security Update : hawk2 (SUSE-SU-2021:0089-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2021:0089-1 advisory. This update for hawk2 fixes the following security issue: - CVE-2020-35458: Fixed an insufficient input handler that could have led to remote code...
SUSE SLES12 Security Update : hawk2 (SUSE-SU-2021:0090-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2021:0090-1 advisory. This update for hawk2 fixes the following security issue: - CVE-2020-35458: Fixed an insufficient input sanitation that could have led to remote code...
SUSE CVE-2020-35459
An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" when "crm" is run were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges...
CVE-2021-3020
An issue was discovered in ClusterLabs Hawk aka HA Web Konsole through 2.3.0-15. It ships the binary hawkinvoke built from tools/hawkinvoke.c, intended to be used as a setuid program. This allows the hacluster user to invoke certain commands as root with an attempt to limit this to safe...
CVE-2021-3020
An issue was discovered in ClusterLabs Hawk aka HA Web Konsole through 2.3.0-15. It ships the binary hawkinvoke built from tools/hawkinvoke.c, intended to be used as a setuid program. This allows the hacluster user to invoke certain commands as root with an attempt to limit this to safe...
Design/Logic Flaw
An issue was discovered in ClusterLabs Hawk aka HA Web Konsole through 2.3.0-15. It ships the binary hawkinvoke built from tools/hawkinvoke.c, intended to be used as a setuid program. This allows the hacluster user to invoke certain commands as root with an attempt to limit this to safe...