Vulnerabilities (CVE)

Filtered by vendor Sos Project Subscribe
Filtered by product Sos
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-2806 2 Ovirt, Sos Project 2 Log Collector, Sos 2024-11-21 N/A 5.5 MEDIUM
It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev
CVE-2015-7529 3 Canonical, Redhat, Sos Project 8 Ubuntu Linux, Enterprise Linux Desktop, Enterprise Linux Server and 5 more 2024-11-21 4.6 MEDIUM 7.8 HIGH
sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date.
CVE-2015-3171 1 Sos Project 1 Sos 2024-11-21 2.1 LOW 5.5 MEDIUM
sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive.