
81 matches found

EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2022-3345

Malicious code in bioql PyPI...

7.8 CVSS, 7.5 AI score, 0.00045 EPSS
Exploits: 1, References: 9

Tenable Nessus
added 2025/08/27 12:00 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2020-35459

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call crm history when crm is run were able to execute commands via shell cod...

7.8 CVSS, 7.6 AI score, 0.00045 EPSS
Exploits: 1, References: 2

RedhatCVE
added 2025/05/22 3:46 p.m., 3 views

CVE-2020-35459

An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" when "crm" is run were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges...

7.8 CVSS, 8.2 AI score, 0.00045 EPSS
Exploits: 1

OSV
added 2024/06/15 12:00 a.m., 8 views

OPENSUSE-SU-2024:10700-1 crmsh-4.3.1+20210913.d7356663-1.2 on GA media

These are all security issues fixed in the crmsh-4.3.1+20210913.d7356663-1.2 package on the GA media of openSUSE Tumbleweed...

7.8 CVSS, 7.8 AI score, 0.00045 EPSS
Exploits: 1, References: 1

OpenVAS
added 2024/03/26 12:00 a.m., 17 views

Ubuntu: Security Advisory (USN-6711-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8 CVSS, 7.9 AI score, 0.00045 EPSS
Exploits: 1, References: 2

OSV
added 2024/03/25 10:51 a.m., 0 views

USN-6711-1 crmsh vulnerability

Vincent Berg discovered that CRM shell incorrectly handled certain commands. A local attacker could possibly use this issue to execute arbitrary code via shell code injection to the crm history commandline...

7.8 CVSS, 6.1 AI score, 0.00045 EPSS
Exploits: 1, References: 2

OpenVAS
added 2023/03/28 12:00 a.m., 16 views

Mageia: Security Advisory (MGASA-2023-0073)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8 CVSS, 8.9 AI score, 0.00409 EPSS
Exploits: 0, References: 4

Mageia
added 2023/03/01 9:14 p.m., 30 views

Updated crmsh packages fix security vulnerability

Privilege escalation CVE-2021-3020 and other fixes...

8.8 CVSS, 2.3 AI score, 0.00409 EPSS
Exploits: 0, References: 2

OSV
added 2023/03/01 9:14 p.m., 6 views

MGASA-2023-0073 Updated crmsh packages fix security vulnerability

Privilege escalation CVE-2021-3020 and other fixes...

8.8 CVSS, 8.9 AI score, 0.00409 EPSS
Exploits: 0, References: 3

SUSE CVE
added 2023/02/15 3:51 a.m., 1 view

SUSE CVE-2020-35459

An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" when "crm" is run were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges...

8.4 CVSS, 8.3 AI score, 0.00045 EPSS
Exploits: 1, References: 26

Veracode
added 2022/08/29 4:10 a.m., 20 views

Privilege Escalation

crmsh is vulnerable to privilege escalation. The vulnerability exists because the ssh access for hacluster is not properly handled which allows an attacker to gain root privileges and perform unauthorized actions...

8.8 CVSS, 8.5 AI score, 0.00409 EPSS
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2022/05/24 5:38 p.m., 18 views

GHSA-99XX-83JM-H24M ClusterLabs crmsh vulnerable to shell code injection

An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call crm history when crm is run were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges...

7.8 CVSS, 8.2 AI score, 0.00045 EPSS
Exploits: 1, References: 8

Github Security Blog
added 2022/05/24 5:38 p.m., 21 views

ClusterLabs crmsh vulnerable to shell code injection

An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call crm history when crm is run were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges...

7.8 CVSS, 8.2 AI score, 0.00045 EPSS
Exploits: 1, References: 8, Affected Software: 1

OpenVAS
added 2022/01/28 12:00 a.m., 9 views

Mageia: Security Advisory (MGASA-2021-0049)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS, 7.7 AI score, 0.00316 EPSS
Exploits: 0, References: 5

Tenable Nessus
added 2021/09/17 12:00 a.m., 29 views

SUSE SLES12 Security Update : crmsh (SUSE-SU-2021:3121-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:3121-1 advisory. - An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call crm history when crm is run were able to execute commands vi...

7.8 CVSS, 7.7 AI score, 0.00045 EPSS
Exploits: 1, References: 5

OSV
added 2021/09/16 5:43 p.m., 1 view

SUSE-SU-2021:3121-1 Security update for crmsh

This update for crmsh fixes the following issues: - CVE-2020-35459: Fixed usage of utils.mkdirp instead of system mkdir command bsc1179999. - Fixed usage to collect ra trace files bsc1189641...

7.8 CVSS, 7.7 AI score, 0.00045 EPSS
Exploits: 1, References: 4

OpenVAS
added 2021/07/25 12:00 a.m., 15 views

openSUSE: Security Advisory for crmsh (openSUSE-SU-2021:1087-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.8 CVSS, 7.8 AI score, 0.00045 EPSS
Exploits: 1, References: 2

Tenable Nessus
added 2021/07/25 12:00 a.m., 17 views

openSUSE 15 Security Update : crmsh (openSUSE-SU-2021:1087-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:1087-1 advisory. - An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call crm history when crm is run were able to execute commands...

7.8 CVSS, 7.7 AI score, 0.00045 EPSS
Exploits: 1, References: 9

OSV
added 2021/07/24 2:05 p.m., 9 views

OPENSUSE-SU-2021:1087-1 Security update for crmsh

This update for crmsh fixes the following issues: Update to version 4.3.1+20210624.67223df2: - Fix: ocfs2: Skip verifying UUID for ocfs2 device on top of raid or lvm on the join node bsc1187553 - Fix: history: use Path.mkdir instead of mkdir command bsc1179999, CVE-2020-35459 - Dev: crashtest: Add...

7.8 CVSS, 7.7 AI score, 0.00045 EPSS
Exploits: 1, References: 8

OPENSUSE Linux
added 2021/07/24 12:00 a.m., 37 views

Security update for crmsh (moderate)

openSUSE Security Update: Security update for crmsh Announcement ID: openSUSE-SU-2021:1087-1 Rating: moderate References: 1163460 1175982 1179999 1184465 1185423 1187553 SLE-17979 Cross-References: CVE-2020-35459 CVSS scores: CVE-2020-35459 NVD : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H...

8.4 CVSS, 7.7 AI score, 0.00045 EPSS
Exploits: 1, References: 7