Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7529 | 3 Canonical, Redhat, Sos Project | 8 Ubuntu Linux, Enterprise Linux Desktop, Enterprise Linux Server and 5 more | 2023-02-12 | 4.6 MEDIUM | 7.8 HIGH |
| sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date. | |||||
| CVE-2022-2806 | 2 Ovirt, Sos Project | 2 Log Collector, Sos | 2022-09-07 | N/A | 5.5 MEDIUM |
| It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev | |||||
| CVE-2015-3171 | 1 Sos Project | 1 Sos | 2019-12-11 | 2.1 LOW | 5.5 MEDIUM |
| sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive. | |||||