CVE-2020-35458
https://notcve.org/view.php?id=CVE-2020-35458
An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. There is a Ruby shell code injection issue via the hawk_remember_me_id parameter in the login_from_cookie cookie. The user logout routine could be used by unauthenticated remote attackers to execute code as hauser. Se detectó un problema en ClusterLabs Hawk versiones 2.x hasta 2.3.0-x. Se presenta un problema de inyección de código de shell Ruby por medio del parámetro hawk_remember_me_id en la cookie login_from_cookie. • http://www.openwall.com/lists/oss-security/2021/01/12/3 https://bugzilla.suse.com/show_bug.cgi?id=1179998 https://github.com/ClusterLabs/hawk/releases https://www.openwall.com/lists/oss-security/2021/01/12/3 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2016-2515
https://notcve.org/view.php?id=CVE-2016-2515
Hawk before 3.1.3 and 4.x before 4.1.1 allow remote attackers to cause a denial of service (CPU consumption or partial outage) via a long (1) header or (2) URI that is matched against an improper regular expression. Hawk en versiones anteriores a 3.1.3 y 4.x en versiones anteriores a 4.1.1 permite a atacantes remotos provocar una denegación de servicio (consumo de CPU o interrupción parcial ) a través de una (1) cabecera o (2) URI larga que coincide contra una expresión regular incorrecta. • http://www.openwall.com/lists/oss-security/2016/02/20/1 http://www.openwall.com/lists/oss-security/2016/02/20/2 https://bugzilla.redhat.com/show_bug.cgi?id=1309721 https://github.com/hueniverse/hawk/commit/0833f99ba64558525995a7e21d4093da1f3e15fa https://github.com/hueniverse/hawk/issues/168 https://nodesecurity.io/advisories/77 • CWE-399: Resource Management Errors •
CVE-2008-3338
https://notcve.org/view.php?id=CVE-2008-3338
Multiple buffer overflows in TIBCO Hawk (1) AMI C library (libtibhawkami) and (2) Hawk HMA (tibhawkhma), as used in TIBCO Hawk before 4.8.1; Runtime Agent (TRA) before 5.6.0; iProcess Engine 10.3.0 through 10.6.2 and 11.0.0; and Mainframe Service Tracker before 1.1.0 might allow remote attackers to execute arbitrary code via a crafted message. Múltiples desbordamientos de búfer en TIBCO Hawk (1) la librería AMI C (libtibhawkami) y (2) Hawk HMA (tibhawkhma), como se usan en TIBCO Hawk antes de 4.8.1; Runtime Agent (TRA) anterior a 5.6.0; iProcess Engine de 10.3.0 a 10.6.2 y 11.0.0; y Mainframe Service Tracker anterior a 1.1.0 podría permitir a atacantes remotos ejecutar código de su elección mediante un mensaje manipulado. • http://secunia.com/advisories/31618 http://www.securityfocus.com/bid/30836 http://www.tibco.com/resources/mk/hawk_security_advisory_20080729.txt http://www.vupen.com/english/advisories/2008/2448 https://exchange.xforce.ibmcloud.com/vulnerabilities/44604 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-1703
https://notcve.org/view.php?id=CVE-2008-1703
Multiple buffer overflows in TIBCO Software Rendezvous before 8.1.0, as used in multiple TIBCO products, allow remote attackers to execute arbitrary code via a crafted message. Múltiples desbordamientos de búfer en TIBCO Software Rendezvous anterior a 8.1.0., utilizado en múltiples productos TIBCO,permitena atacantes remotos ejecutar código de su elección mediante un mensaje manipulado. • http://secunia.com/advisories/29774 http://www.osvdb.org/44269 http://www.securityfocus.com/bid/28717 http://www.securitytracker.com/id?1019826 http://www.tibco.com/resources/mk/rendezvous_security_advisory_20080409.txt http://www.vupen.com/english/advisories/2008/1189/references http://www.vupen.com/english/advisories/2008/1190/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41760 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2006-2830
https://notcve.org/view.php?id=CVE-2006-2830
Buffer overflow in TIBCO Rendezvous before 7.5.1, TIBCO Runtime Agent (TRA) before 5.4, and Hawk before 4.6.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the HTTP administrative interface. • http://secunia.com/advisories/20452 http://securitytracker.com/id?1016145 http://www.kb.cert.org/vuls/id/999884 http://www.securityfocus.com/bid/18301 http://www.tibco.com/resources/mk/rendezvous_security_advisory.txt http://www.vupen.com/english/advisories/2006/2155 https://exchange.xforce.ibmcloud.com/vulnerabilities/26939 •