Pulp in Red Hat CloudForms before 1.1 logs administrative passwords in a world-readable file, which allows local users to read pulp administrative passwords by reading production.log. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Centrify Deployment Manager 2.1.0.283, as distributed in Centrify Suite before 2012.5, allows local users to (1) overwrite arbitrary files via a symlink attack on the adcheckDMoutput temporary file,. Rated low severity (CVSS 3.3). No vendor patch available.
The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1 does not properly check privileges, which allows remote authenticated users to query arbitrary information via a (1) SOAP. Rated low severity (CVSS 2.7), this vulnerability is low attack complexity. No vendor patch available.
Grinder in Red Hat CloudForms before 1.1 uses world-writable permissions for /var/lib/pulp/cache/grinder/, which allows local users to modify grinder cache files. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.
Pulp in Red Hat CloudForms before 1.1 uses world-readable permissions for pulp.conf, which allows local users to read the administrative password by reading this file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.
Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when moving disks between storage domains, does not properly wipe-after-delete, which prevents disks from being securely deleted and. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.