The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file. Rated low severity (CVSS 3.3).
Information Disclosure
Mageia
Readline
Opensuse
Fedora
NVD
CVSS 2.0
3.3
EPSS
0.1%
IBM PowerVC Express Edition 1.2.0 before FixPack3 establishes an FTP session for transferring files to a managed IVM, which allows remote attackers to discover credentials by sniffing the network. Rated low severity (CVSS 2.9). No vendor patch available.
IBM
Information Disclosure
Powervc
NVD
CVSS 2.0
2.9
EPSS
0.2%