Skip to main content

Sos

5 CVEs product

Monthly

CVE-2022-2806 PyPI MEDIUM PATCH This Month

It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Sos Log Collector
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2015-7529 PyPI HIGH PATCH This Week

sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Sos Ubuntu Linux Enterprise Linux Desktop Enterprise Linux Server +4
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2015-3171 PyPI MEDIUM PATCH This Month

sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Sos
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2014-3925 MEDIUM This Month

sosreport in Red Hat sos 1.7 and earlier on Red Hat Enterprise Linux (RHEL) 5 produces an archive with an fstab file potentially containing cleartext passwords, and lacks a warning about reviewing. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Authentication Bypass Ubuntu Linux Sos
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2012-2664 MEDIUM This Month

The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file (/root/anaconda-ks.cfg) when creating an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Authentication Bypass Sos
NVD
CVSS 2.0
4.3
EPSS
0.4%
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Sos Log Collector
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Sos Ubuntu Linux +6
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Sos
NVD GitHub
EPSS 0% CVSS 5.0
MEDIUM This Month

sosreport in Red Hat sos 1.7 and earlier on Red Hat Enterprise Linux (RHEL) 5 produces an archive with an fstab file potentially containing cleartext passwords, and lacks a warning about reviewing. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Authentication Bypass Ubuntu Linux +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file (/root/anaconda-ks.cfg) when creating an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Authentication Bypass Sos
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy