The clone_file function in transfer.c in Augeas before 1.0.0, when copy_if_rename_fails is set and EXDEV or EBUSY is returned by the rename function, allows local users to overwrite arbitrary files. Rated low severity (CVSS 3.7). Public exploit code available.
LightDM 1.7.5 through 1.8.3 and 1.9.x before 1.9.2 does not apply the AppArmor profile to the Guest account, which allows local users to bypass intended restrictions by leveraging the Guest account. Rated low severity (CVSS 3.3). Public exploit code available and no vendor patch available.
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the join command, when using the -i. Rated low severity (CVSS 1.9). Public exploit code available and no vendor patch available.
(1) impl_db2.py and (2) impl_mongodb.py in OpenStack Ceilometer 2013.2 and earlier, when the logging level is set to INFO, logs the connection string from ceilometer.conf, which allows local users to. Rated low severity (CVSS 1.9). Public exploit code available and no vendor patch available.
The transform_save function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augnew file. Rated low severity (CVSS 3.3). No vendor patch available.
The transform_save function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augsave file in a backup. Rated low severity (CVSS 3.3). No vendor patch available.
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the uniq command, which triggers a. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.
The API before 2.1 in OpenStack Image Registry and Delivery Service (Glance) makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.
The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which. Rated low severity (CVSS 1.9).
Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive. Rated low severity (CVSS 1.9). No vendor patch available.