Author: Cyberthreat Blog

/var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA is created world readable and contains the root password of the deployed system.

Lenovo Mouse Suite before 6.73 allows local users to run arbitrary code with administrator privileges.

The pulp-qpid-ssl-cfg script in Pulp before 2.8.6 allows local users to obtain the CA key.

libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart).

Pulp before 2.8.5 uses bash’s $RANDOM in an unsafe way to generate passwords.