Vulnerabilities > Rpath > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-11-17 | CVE-2008-4832 | Link Following vulnerability in Rpath Initscripts 8.128.21/8.56.150.1 rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath allows local users to delete arbitrary files via a symlink attack on a directory under (1) /var/lock or (2) /var/run. | 6.9 |
| 2008-07-10 | CVE-2008-3139 | Information Exposure vulnerability in multiple products The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1.0.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. | 5.0 |
| 2008-07-10 | CVE-2008-3138 | Information Exposure vulnerability in multiple products The (1) PANA and (2) KISMET dissectors in Wireshark (formerly Ethereal) 0.99.3 through 1.0.0 allow remote attackers to cause a denial of service (application stop) via unknown vectors. | 5.0 |
| 2008-05-12 | CVE-2008-2139 | Permissions, Privileges, and Access Controls vulnerability in Rpath Appliance Platform Agent 2/3 The rootpw plugin in rPath Appliance Platform Agent 2 and 3 does not re-validate requests from a browser with a valid administrator session, including requests to change the password, which makes it easier for physically proximate attackers to gain privileges and maintain control over the administrator account. | 6.5 |
| 2007-10-28 | CVE-2007-5686 | Permissions, Privileges, and Access Controls vulnerability in Rpath Linux 1 initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. | 4.9 |
| 2007-10-04 | CVE-2007-5194 | Permissions, Privileges, and Access Controls vulnerability in Rpath Rmake 1.0.11 The Chroot server in rMake 1.0.11 creates a /dev/zero device file with read/write permissions for the rMake user and the same minor device number as /dev/port, which might allow local users to gain root privileges. | 6.9 |
| 2007-08-25 | CVE-2007-4131 | Remote Directory Traversal vulnerability in GNU Tar Dot_Dot Function Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. | 6.8 |
| 2007-07-26 | CVE-2007-4029 | Denial Of Service And Memory Corruption vulnerability in Libvorbis 1.1.2 libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service via (1) an invalid mapping type, which triggers an out-of-bounds read in the vorbis_info_clear function in info.c, and (2) invalid blocksize values that trigger a segmentation fault in the read function in block.c. | 6.8 |