15 matches found
SUSE SLES12 Security Update : hawk2 (SUSE-SU-2021:0198-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2021:0198-1 advisory. hawk2 was updated to version 2.5. Security issue fixed: - Fixed another possible code execution vulnerability in the controller code bsc1179998. Tenabl...
SUSE SLES12 Security Update : hawk2 (SUSE-SU-2021:0090-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2021:0090-1 advisory. This update for hawk2 fixes the following security issue: - CVE-2020-35458: Fixed an insufficient input sanitation that could have led to remote code...
SUSE SLES12 Security Update : hawk2 (SUSE-SU-2021:0089-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2021:0089-1 advisory. This update for hawk2 fixes the following security issue: - CVE-2020-35458: Fixed an insufficient input handler that could have led to remote code...
SUSE SLES12 Security Update : hawk2 (SUSE-SU-2021:0192-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2021:0192-1 advisory. hawk2 was updated to version 2.5. Security issue fixed: - Fixed another possible code execution vulnerability in the controller code bsc1179998. Tenabl...
SUSE SLES15 Security Update : hawk2 (SUSE-SU-2021:0200-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2021:0200-1 advisory. hawk2 was updated to version 2.4.0+git.1611141202.2fe6369e. Security issue fixed: - Fixed another possible code execution vulnerability in t...
openSUSE: Security Advisory for hawk2 (openSUSE-SU-2021:0074-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE: Security Advisory for hawk2 (openSUSE-SU-2021:0054-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE Security Update : hawk2 (openSUSE-2021-54)
This update for hawk2 fixes the following security issue : - CVE-2020-35458: Fixed an insufficient input handler that could have led to remote code execution bsc1179998. This update was imported from the SUSE:SLE-15:Update update project. C Tenable Network Security, Inc. The descriptive text and...
openSUSE Security Update : hawk2 (openSUSE-2021-74)
This update for hawk2 fixes the following security issue : - CVE-2020-35458: Fixed an insufficient input handler that could have led to remote code execution bsc1179998. This update was imported from the SUSE:SLE-15:Update update project. C Tenable Network Security, Inc. The descriptive text and...
OPENSUSE-SU-2021:0074-1 Security update for hawk2
This update for hawk2 fixes the following security issue: - CVE-2020-35458: Fixed an insufficient input handler that could have led to remote code execution bsc1179998. This update was imported from the SUSE:SLE-15:Update update project...
OPENSUSE-SU-2021:0054-1 Security update for hawk2
This update for hawk2 fixes the following security issue: - CVE-2020-35458: Fixed an insufficient input handler that could have led to remote code execution bsc1179998. This update was imported from the SUSE:SLE-15:Update update project...
Security update for hawk2 (important)
openSUSE Security Update: Security update for hawk2 Announcement ID: openSUSE-SU-2021:0054-1 Rating: important References: 1179998 Cross-References: CVE-2020-35458 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This update for hawk2 fix...
CVE-2020-35458
An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. There is a Ruby shell code injection issue via the hawkremembermeid parameter in the loginfromcookie cookie. The user logout routine could be used by unauthenticated remote attackers to execute code as hauser...
CVE-2020-35458
CVE-2020-35458 affects ClusterLabs Hawk 2.x up to 2.3.0-x. The flaw is a Ruby shell code injection via the hawk_remember_me_id parameter in the login_from_cookie cookie. This allows unauthenticated remote attackers to execute code as user hauser, leveraging the user logout routine. Red Hat and SU...
SUSE-SU-2021:0089-1 Security update for hawk2
This update for hawk2 fixes the following security issue: - CVE-2020-35458: Fixed an insufficient input handler that could have led to remote code execution bsc1179998...