Total
1375 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-0199 | 1 Redhat | 2 Rhev Manager, Rhevm-reports | 2024-08-06 | N/A |
| The setup script in ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports (rhevm-reports) package before 3.3.3, stores the reports database password in cleartext, which allows local users to obtain sensitive information by reading an unspecified file. | ||||
| CVE-2014-0189 | 2 Redhat, Virt-who Project | 6 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server and 3 more | 2024-08-06 | N/A |
| virt-who uses world-readable permissions for /etc/sysconfig/virt-who, which allows local users to obtain password for hypervisors by reading the file. | ||||
| CVE-2014-0201 | 1 Redhat | 2 Rhev Manager, Rhevm-reports | 2024-08-06 | N/A |
| ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports package (rhevm-reports) before 3.3.3, uses world-readable permissions on configuration files, which allows local users to obtain sensitive information by reading the files. | ||||
| CVE-2014-0164 | 1 Redhat | 1 Openshift | 2024-08-06 | N/A |
| openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to obtain credentials and other sensitive information by reading the file. | ||||
| CVE-2014-0135 | 2 Redhat, Theforeman | 3 Satellite, Satellite Capsule, Kafo | 2024-08-06 | N/A |
| Kafo before 0.3.17 and 0.4.x before 0.5.2, as used by Foreman, uses world-readable permissions for default_values.yaml, which allows local users to obtain passwords and other sensitive information by reading the file. | ||||
| CVE-2014-0068 | 1 Redhat | 2 Openshift, Openshift-origin-node-util | 2024-08-06 | 5.5 Medium |
| It was reported that watchman in openshift node-utils creates /var/run/watchman.pid and /var/log/watchman.ouput with world writable permission. | ||||
| CVE-2015-9456 | 1 Orbisius | 1 Child Theme Creator | 2024-08-06 | 6.5 Medium |
| The orbisius-child-theme-creator plugin before 1.2.8 for WordPress has incorrect access control for file modification via the wp-admin/admin-ajax.php?action=orbisius_ctc_theme_editor_ajax&sub_cmd=save_file theme_1, theme_1_file, or theme_1_file_contents parameter. | ||||
| CVE-2015-8842 | 1 Opensuse | 1 Opensuse | 2024-08-06 | N/A |
| tmpfiles.d/systemd.conf in systemd before 229 uses weak permissions for /var/log/journal/%m/system.journal, which allows local users to obtain sensitive information by reading the file. | ||||
| CVE-2015-8660 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more | 2024-08-06 | 6.7 Medium |
| The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application. | ||||
| CVE-2015-7613 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Rhel Eus and 1 more | 2024-08-06 | N/A |
| Race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c. | ||||
| CVE-2015-5284 | 1 Freeipa | 1 Freeipa | 2024-08-06 | N/A |
| ipa-kra-install in FreeIPA before 4.2.2 puts the CA agent certificate and private key in /etc/httpd/alias/kra-agent.pem, which is world readable. | ||||
| CVE-2015-4053 | 2 Ceph, Redhat | 2 Ceph-deploy, Ceph Storage | 2024-08-06 | N/A |
| The admin command in ceph-deploy before 1.5.25 uses world-readable permissions for /etc/ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file. | ||||
| CVE-2015-3646 | 2 Openstack, Oracle | 2 Keystone, Solaris | 2024-08-06 | N/A |
| OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs. | ||||
| CVE-2015-3243 | 1 Rsyslog | 1 Rsyslog | 2024-08-06 | N/A |
| rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron. | ||||
| CVE-2015-3201 | 1 Redhat | 2 Rhel Software Collections, Thermostat | 2024-08-06 | N/A |
| Thermostat before 2.0.0 uses world-readable permissions for the web.xml configuration file, which allows local users to obtain user credentials by reading the file. | ||||
| CVE-2015-3171 | 1 Sos Project | 1 Sos | 2024-08-06 | 5.5 Medium |
| sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive. | ||||
| CVE-2015-3010 | 2 Ceph, Redhat | 2 Ceph-deploy, Ceph Storage | 2024-08-06 | N/A |
| ceph-deploy before 1.5.23 uses weak permissions (644) for ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file. | ||||
| CVE-2015-0257 | 1 Redhat | 2 Enterprise Virtualization Manager, Rhev Manager | 2024-08-06 | N/A |
| Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, which allows local users to obtain sensitive information by reading files in the directory. | ||||
| CVE-2015-0237 | 1 Redhat | 2 Enterprise Virtualization Manager, Rhev Manager | 2024-08-06 | N/A |
| Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 ignores the permission to deny snapshot creation during live storage migration between domains, which allows remote authenticated users to cause a denial of service (prevent host start) by creating a long snapshot chain. | ||||
| CVE-2016-11080 | 1 Mattermost | 1 Mattermost Server | 2024-08-06 | 4.3 Medium |
| An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details. | ||||