Lucene search
K

24 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 3:46 p.m.5 views

CVE-2020-35459

An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" when "crm" is run were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges...

7.8CVSS8.2AI score0.00675EPSS
Exploits1
OpenVAS
OpenVAS
added 2024/03/26 12:0 a.m.18 views

Ubuntu: Security Advisory (USN-6711-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.9AI score0.00675EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2024/03/25 12:0 a.m.20 views

Ubuntu 20.04 LTS : CRM shell vulnerability (USN-6711-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6711-1 advisory. Vincent Berg discovered that CRM shell incorrectly handled certain commands. An local attacker could possibly use this issue to execute arbitrary code via shell...

7.8CVSS8AI score0.00675EPSS
Exploits1References2
OSV
OSV
added 2021/09/16 5:43 p.m.1 views

SUSE-SU-2021:3121-1 Security update for crmsh

This update for crmsh fixes the following issues: - CVE-2020-35459: Fixed usage of utils.mkdirp instead of system mkdir command bsc1179999. - Fixed usage to collect ra trace files bsc1189641...

7.8CVSS7.7AI score0.00675EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2021/07/22 12:0 a.m.17 views

openSUSE: Security Advisory for crmsh (openSUSE-SU-2021:2435-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.8CVSS7.8AI score0.00675EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2021/07/03 12:0 a.m.85 views

SUSE SLES15 Security Update : crmsh (SUSE-SU-2021:2239-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2021:2239-1 advisory. Update to version 4.3.1+20210624.67223df2: - Fix: ocfs2: Skip verifying UUID for ocfs2 device on top of raid or lvm on the join node bsc1187553 - Fix:...

7.8CVSS7.2AI score0.00675EPSS
Exploits1References9
OpenVAS
OpenVAS
added 2021/04/16 12:0 a.m.17 views

openSUSE: Security Advisory for crmsh (openSUSE-SU-2021:0073-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.8CVSS7.8AI score0.00675EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2021/04/16 12:0 a.m.18 views

openSUSE: Security Advisory for hawk2 (openSUSE-SU-2021:0473-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.8CVSS7.8AI score0.00675EPSS
Exploits2References2
OpenVAS
OpenVAS
added 2021/04/16 12:0 a.m.11 views

openSUSE: Security Advisory for crmsh (openSUSE-SU-2021:0055-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.8CVSS7.8AI score0.00675EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2021/04/16 12:0 a.m.15 views

openSUSE: Security Advisory for crmsh (openSUSE-SU-2021:0410-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.8CVSS7.8AI score0.00994EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2021/03/26 12:0 a.m.30 views

openSUSE Security Update : hawk2 (openSUSE-2021-473)

This update for hawk2 fixes the following issues : - Update to version 2.6.3 : - Remove hawkinvoke and use capture3 instead of runas bsc1179999CVE-2020-35459 - Remove unnecessary chmod bsc1182166CVE-2021-25314 - Sanitize filename to contains whitelist of alphanumeric bsc1182165 This update was...

7.8CVSS7.1AI score0.00675EPSS
Exploits2References5
OPENSUSE Linux
OPENSUSE Linux
added 2021/03/25 12:0 a.m.24 views

Security update for hawk2 (important)

openSUSE Security Update: Security update for hawk2 Announcement ID: openSUSE-SU-2021:0473-1 Rating: important References: 1179999 1182165 1182166 Cross-References: CVE-2020-35459 CVE-2021-25314 CVSS scores: CVE-2020-35459 NVD : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-35459 SUSE...

8.4CVSS8.1AI score0.00675EPSS
Exploits2References3
OSV
OSV
added 2021/03/12 4:43 p.m.4 views

SUSE-SU-2021:0782-1 Security update for crmsh

This update for crmsh fixes the following issues: - Update to version 4.3.0+20210219.5d1bf034: Fix: hbreport: walk through hbreport process under haclusterCVE-2020-35459, bsc1179999; CVE-2021-3020, bsc1180571 Fix: bootstrap: setup authorized ssh access for haclusterCVE-2020-35459, bsc1179999;...

8.8CVSS7.8AI score0.00994EPSS
Exploits1References10
OpenVAS
OpenVAS
added 2021/01/26 12:0 a.m.18 views

Debian: Security Advisory (DLA-2533-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.9AI score0.00675EPSS
Exploits1References3
OSV
OSV
added 2021/01/16 10:5 a.m.8 views

OPENSUSE-SU-2021:0073-1 Security update for crmsh

This update for crmsh fixes the following issue: - CVE-2020-35459: Fixed a privilege escalation in hawkinvoke bsc1179999. This update was imported from the SUSE:SLE-15-SP1:Update update project...

7.8CVSS7.8AI score0.00675EPSS
Exploits1References3
OPENSUSE Linux
OPENSUSE Linux
added 2021/01/16 12:0 a.m.38 views

Security update for crmsh (important)

openSUSE Security Update: Security update for crmsh Announcement ID: openSUSE-SU-2021:0073-1 Rating: important References: 1179999 Cross-References: CVE-2020-35459 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for crmsh fix...

7.8CVSS7.7AI score0.00675EPSS
Exploits1References1
OSV
OSV
added 2021/01/13 5:12 p.m.8 views

OPENSUSE-SU-2021:0055-1 Security update for crmsh

This update for crmsh fixes the following issue: - CVE-2020-35459: Fixed a privilege escalation in hawkinvoke bsc1179999. This update was imported from the SUSE:SLE-15-SP2:Update update project...

7.8CVSS7.8AI score0.00675EPSS
Exploits1References3
OPENSUSE Linux
OPENSUSE Linux
added 2021/01/13 12:0 a.m.25 views

Security update for crmsh (important)

openSUSE Security Update: Security update for crmsh Announcement ID: openSUSE-SU-2021:0055-1 Rating: important References: 1179999 Cross-References: CVE-2020-35459 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This update for crmsh fix...

7.8CVSS7.7AI score0.00675EPSS
Exploits1References1
CVE
CVE
added 2021/01/12 2:32 p.m.186 views

CVE-2020-35459

CVE-2020-35459 affects ClusterLabs crmsh up to version 4.2.1. A local attacker can trigger shell code injection via the crm history command, potentially escalating privileges. Root cause: improper handling of commands in crm history that enables code execution. Impact: local privilege escalation....

7.8CVSS8.2AI score0.00675EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2021/01/12 1:33 p.m.2 views

SUSE-SU-2021:0087-1 Security update for crmsh

This update for crmsh fixes the following issue: - CVE-2020-35459: Fixed a privilege escalation in hawkinvoke bsc1179999...

7.8CVSS7.8AI score0.00675EPSS
Exploits1References3
Rows per page
Query Builder