24 matches found
CVE-2020-35459
An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" when "crm" is run were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges...
Ubuntu: Security Advisory (USN-6711-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 20.04 LTS : CRM shell vulnerability (USN-6711-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6711-1 advisory. Vincent Berg discovered that CRM shell incorrectly handled certain commands. An local attacker could possibly use this issue to execute arbitrary code via shell...
SUSE-SU-2021:3121-1 Security update for crmsh
This update for crmsh fixes the following issues: - CVE-2020-35459: Fixed usage of utils.mkdirp instead of system mkdir command bsc1179999. - Fixed usage to collect ra trace files bsc1189641...
openSUSE: Security Advisory for crmsh (openSUSE-SU-2021:2435-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE SLES15 Security Update : crmsh (SUSE-SU-2021:2239-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2021:2239-1 advisory. Update to version 4.3.1+20210624.67223df2: - Fix: ocfs2: Skip verifying UUID for ocfs2 device on top of raid or lvm on the join node bsc1187553 - Fix:...
openSUSE: Security Advisory for crmsh (openSUSE-SU-2021:0073-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE: Security Advisory for hawk2 (openSUSE-SU-2021:0473-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE: Security Advisory for crmsh (openSUSE-SU-2021:0055-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE: Security Advisory for crmsh (openSUSE-SU-2021:0410-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE Security Update : hawk2 (openSUSE-2021-473)
This update for hawk2 fixes the following issues : - Update to version 2.6.3 : - Remove hawkinvoke and use capture3 instead of runas bsc1179999CVE-2020-35459 - Remove unnecessary chmod bsc1182166CVE-2021-25314 - Sanitize filename to contains whitelist of alphanumeric bsc1182165 This update was...
Security update for hawk2 (important)
openSUSE Security Update: Security update for hawk2 Announcement ID: openSUSE-SU-2021:0473-1 Rating: important References: 1179999 1182165 1182166 Cross-References: CVE-2020-35459 CVE-2021-25314 CVSS scores: CVE-2020-35459 NVD : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-35459 SUSE...
SUSE-SU-2021:0782-1 Security update for crmsh
This update for crmsh fixes the following issues: - Update to version 4.3.0+20210219.5d1bf034: Fix: hbreport: walk through hbreport process under haclusterCVE-2020-35459, bsc1179999; CVE-2021-3020, bsc1180571 Fix: bootstrap: setup authorized ssh access for haclusterCVE-2020-35459, bsc1179999;...
Debian: Security Advisory (DLA-2533-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OPENSUSE-SU-2021:0073-1 Security update for crmsh
This update for crmsh fixes the following issue: - CVE-2020-35459: Fixed a privilege escalation in hawkinvoke bsc1179999. This update was imported from the SUSE:SLE-15-SP1:Update update project...
Security update for crmsh (important)
openSUSE Security Update: Security update for crmsh Announcement ID: openSUSE-SU-2021:0073-1 Rating: important References: 1179999 Cross-References: CVE-2020-35459 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for crmsh fix...
OPENSUSE-SU-2021:0055-1 Security update for crmsh
This update for crmsh fixes the following issue: - CVE-2020-35459: Fixed a privilege escalation in hawkinvoke bsc1179999. This update was imported from the SUSE:SLE-15-SP2:Update update project...
Security update for crmsh (important)
openSUSE Security Update: Security update for crmsh Announcement ID: openSUSE-SU-2021:0055-1 Rating: important References: 1179999 Cross-References: CVE-2020-35459 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This update for crmsh fix...
CVE-2020-35459
CVE-2020-35459 affects ClusterLabs crmsh up to version 4.2.1. A local attacker can trigger shell code injection via the crm history command, potentially escalating privileges. Root cause: improper handling of commands in crm history that enables code execution. Impact: local privilege escalation....
SUSE-SU-2021:0087-1 Security update for crmsh
This update for crmsh fixes the following issue: - CVE-2020-35459: Fixed a privilege escalation in hawkinvoke bsc1179999...