Vulnerabilities > Rpath

DATE CVE VULNERABILITY TITLE RISK
2008-11-17 CVE-2008-4832 Link Following vulnerability in Rpath Initscripts 8.128.21/8.56.150.1
rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath allows local users to delete arbitrary files via a symlink attack on a directory under (1) /var/lock or (2) /var/run.
local
rpath CWE-59
6.9
2008-07-10 CVE-2008-3139 Information Exposure vulnerability in multiple products
The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1.0.0 allows remote attackers to cause a denial of service (crash) via unknown vectors.
network
low complexity
rpath wireshark CWE-200
5.0
2008-07-10 CVE-2008-3138 Information Exposure vulnerability in multiple products
The (1) PANA and (2) KISMET dissectors in Wireshark (formerly Ethereal) 0.99.3 through 1.0.0 allow remote attackers to cause a denial of service (application stop) via unknown vectors.
network
low complexity
rpath wireshark CWE-200
5.0
2008-05-12 CVE-2008-2140 Cross-Site Request Forgery (CSRF) vulnerability in Rpath Appliance Platform Agent 2/3
Cross-site request forgery (CSRF) vulnerability in the rootpw plugin in rPath Appliance Platform Agent 2 and 3 allows remote attackers to reset the root password as the administrator via a crafted URL.
network
high complexity
rpath CWE-352
2.6
2008-05-12 CVE-2008-2139 Permissions, Privileges, and Access Controls vulnerability in Rpath Appliance Platform Agent 2/3
The rootpw plugin in rPath Appliance Platform Agent 2 and 3 does not re-validate requests from a browser with a valid administrator session, including requests to change the password, which makes it easier for physically proximate attackers to gain privileges and maintain control over the administrator account.
high complexity
rpath CWE-264
6.5
2007-11-07 CVE-2007-5116 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.
7.5
2007-10-28 CVE-2007-5686 Permissions, Privileges, and Access Controls vulnerability in Rpath Linux 1
initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts.
local
low complexity
rpath CWE-264
4.9
2007-10-04 CVE-2007-5194 Permissions, Privileges, and Access Controls vulnerability in Rpath Rmake 1.0.11
The Chroot server in rMake 1.0.11 creates a /dev/zero device file with read/write permissions for the rMake user and the same minor device number as /dev/port, which might allow local users to gain root privileges.
local
rpath CWE-264
6.9
2007-08-25 CVE-2007-4131 Remote Directory Traversal vulnerability in GNU Tar Dot_Dot Function
Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //..
network
redhat rpath gnu
6.8
2007-07-26 CVE-2007-4029 Denial Of Service And Memory Corruption vulnerability in Libvorbis 1.1.2
libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service via (1) an invalid mapping type, which triggers an out-of-bounds read in the vorbis_info_clear function in info.c, and (2) invalid blocksize values that trigger a segmentation fault in the read function in block.c.
network
rpath libvorbis
6.8