CVEs (4)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Redhat 1Quickstart Cloud Installer May 13, 2026 Jun 13, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 /var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA is created world readable and contains the root password of the deployed system. |
1Redhat 1Quickstart Cloud Installer May 13, 2026 Apr 14, 2017 N/A· v4 4.6 MEDIUM· v3 2.1 LOW· v2 The web interface in Red Hat QuickStart Cloud Installer (QCI) 1.0 does not mask passwords fields, which allows physically proximate attackers to obtain sensitive password information by reading the display. |
1Redhat 1Quickstart Cloud Installer May 6, 2026 Sep 22, 2016 N/A· v4 8.4 HIGH· v3 2.1 LOW· v2 The kickstart file in Red Hat QuickStart Cloud Installer (QCI) forces use of MD5 passwords on deployed systems, which makes it easier for attackers to determine cleartext passwords via a brute-force attack. |
1Redhat 1Quickstart Cloud Installer May 6, 2026 Sep 22, 2016 N/A· v4 8.4 HIGH· v3 7.2 HIGH· v2 Red Hat QuickStart Cloud Installer (QCI) uses world-readable permissions for /etc/qci/answers, which allows local users to obtain the root password for the deployed system by reading the file. |