MiracleLinux 3 : sos-1.7-9.62.0.1.AXS3 (AXSA:2012-526:01)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2012-526:01 advisory. Sos is a set of tools that gathers information about system hardware and configuration. The information can then be used for diagnostic purposes and debugging...

EUVD-2022-6735

Malicious code in bioql PyPI...

SUSE CVE-2015-7529

sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date...

CLSA-2022-1665681071 Fix CVE(s): CVE-2022-2806

SECURITY UPDATE: Exposed sensitive information - debian/patches/CVE-2022-2806.patch: filter out all password keys in sos/report/plugins/ovirt.py - CVE-2022-2806...

Information Disclosure

Sos is a set of tools that gather information about system hardware and configuration. The sos report utility incorrectly included Certificate-based Red Hat Network private entitlement keys in the resulting archive of debugging information. An attacker able to access the archive could use the key...

UBUNTU-CVE-2015-3171

sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive...