VYPR
Vendor

Sos Project

Products
2
CVEs
4
Across products
4
Status
Private

Products

2

Recent CVEs

4
  • CVE-2015-7529HigNov 6, 2017
    risk 0.51cvss 7.8epss 0.00

    sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date.

  • CVE-2015-3171MedJul 25, 2017
    risk 0.29cvss 5.5epss 0.00

    sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive.

  • CVE-2022-2806Sep 1, 2022
    risk 0.00cvss epss 0.00

    It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev

  • CVE-2014-0246May 29, 2014
    risk 0.00cvss epss 0.01

    SOSreport stores the md5 hash of the GRUB bootloader password in an archive, which allows local users to obtain sensitive information by reading the archive.