LOW🇵🇱 Wersja polska

CVE-2016-4455

CVSS 3.3v3.1pub. 2017-04-14upd. 2026-05-13

The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directories.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  • Red Hat Enterprise Linux Desktop

    OS
    Redhat
    6.07.0
  • Red Hat Enterprise Linux Hpc Node

    OS
    Redhat
    6.07.0
  • Red Hat Enterprise Linux Server

    OS
    Redhat
    6.07.0
  • Red Hat Enterprise Linux Workstation

    OS
    Redhat
    6.07.0
  • Red Hat Subscription Manager

    APP
    Redhat
    ≤ 1.17.6-1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2021-40438CRITICAL9.0⚠ KEVten sam produkt

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...

CVE-2019-5544CRITICAL9.8⚠ KEVten sam produkt

OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the s...

CVE-2016-4171CRITICAL9.8⚠ KEVten sam produkt

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbi...

CVE-2016-4117CRITICAL9.8⚠ KEVten sam produkt

Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified ve...

CVE-2016-3427CRITICAL9.8⚠ KEVten sam produkt

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 ...