53 matches found
MiracleLinux 8 : pcs-0.10.12-6.el8.2.ML.1 (AXSA:2022-3795:05)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3795:05 advisory. pcs: obtaining an authentication token for hacluster user could lead to privilege escalation (CVE-2022-2735). Tenable has extracted the preceding description...
MiracleLinux 9 : pcs-0.11.1-10.el9.2.ML.1 (AXSA:2023-4908:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-4908:01 advisory. pcs: obtaining an authentication token for hacluster user could lead to privilege escalation (CVE-2022-2735). Tenable has extracted the preceding description...
EUVD-2021-26373
Malware in sbrugna...
EUVD-2023-36451
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-2735
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemon...
CVE-2023-32183
Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed hawk2 package allows users with access to the hacluster to escalate to root. This issue affects openSUSE Tumbleweed...
CVE-2021-3020
An issue was discovered in ClusterLabs Hawk (aka HA Web Konsole) through 2.3.0-15. It ships the binary hawkinvoke (built from tools/hawkinvoke.c), intended to be used as a setuid program. This allows the hacluster user to invoke certain commands as root with an attempt to limit this to safe...
Rocky Linux 9 : pcs (RLSA-2022:6313)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:6313 advisory. - A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS...
SUSE CVE-2022-2735
A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the "hacluster" token, this flaw...
pcp bug fix and enhancement update
An update is available for pcp. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for...
CVE-2023-32183
Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed hawk2 package allows users with access to the hacluster to escalate to root. This issue affects openSUSE Tumbleweed...
Design/Logic Flaw
Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed hawk2 package allows users with access to the hacluster to escalate to root. This issue affects openSUSE Tumbleweed...
CVE-2023-32183
The CVE-2023-32183 issue affects openSUSE Tumbleweed hawk2 in the hacluster area. The root cause is Incorrect Default Permissions in hawk2, enabling users with access to hacluster to escalate to root. CVSSv3.1 metrics indicate a Local, Low-Privilege requirement with High impact on confidentiality...
CVE-2023-32183
Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed hawk2 package allows users with access to the hacluster to escalate to root. This issue affects openSUSE Tumbleweed...
CVE-2023-32183
Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed hawk2 package allows users with access to the hacluster to escalate to root. This issue affects openSUSE Tumbleweed...
openSUSE Tumbleweed Security Vulnerability
openSUSE Tumbleweed is an open source system from SUSE Germany. A security vulnerability exists in openSUSE Tumbleweed hawk2, which stems from the presence of an incorrect default privileges vulnerability that allows users with access to hacluster to escalate to root...
SUSE CVE-2021-3020
An issue was discovered in ClusterLabs Hawk (aka HA Web Konsole) through 2.3.0-15. It ships the binary hawkinvoke (built from tools/hawkinvoke.c), intended to be used as a setuid program. This allows the hacluster user to invoke certain commands as root with an attempt to limit this to safe...
AlmaLinux 8 : pcs (ALSA-2022:6314)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:6314 advisory. - A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons...
OESA-2022-1961 pcs security update
Security Fixes: A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the "hacluster"...
Debian DSA-5226-1 : pcs - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5226 advisory. - A flaw was found in the Pacemaker configuration tool pcs. The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using...