Rpath
rpath
13 CVEs • 6 products
Products (6)
Click to collapseToggle
Products (6)
Click to collapse
CVEs (13)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath allows local users to delete arbitrary files via a symlink attack on a directory under (1) /var/lock or (2) /var/run. NOTE: this issue exists because of a rac...Show more |
2Rpath Wireshark2Rpath Linux WiresharkApr 23, 2026 Jul 10, 2008 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1.0.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: this might be due to a use-after-free error. |
2Rpath Wireshark2Rpath Linux WiresharkApr 23, 2026 Jul 10, 2008 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The (1) PANA and (2) KISMET dissectors in Wireshark (formerly Ethereal) 0.99.3 through 1.0.0 allow remote attackers to cause a denial of service (application stop) via unknown vectors. |
3Foresight Linux RedhatRpath4Appliance Platform Agent AppliancesEnterprise Linux+1 moreApr 23, 2026 May 22, 2008 N/A· v4 N/A· v3 7.1 HIGH· v2 Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red Hat Enterprise Linux (RHEL) 5 and Fedora 6 through 8, and on Foresight Linux and rPath appliances, allows remote attackers to cause a denial of servi...Show more |
Cross-site request forgery (CSRF) vulnerability in the rootpw plugin in rPath Appliance Platform Agent 2 and 3 allows remote attackers to reset the root password as the administrator via a crafted URL. |
The rootpw plugin in rPath Appliance Platform Agent 2 and 3 does not re-validate requests from a browser with a valid administrator session, including requests to change the password, which makes it easier for physically...Show more |
expn in the am-utils and net-fs packages for Gentoo, rPath Linux, and other distributions, allows local users to overwrite arbitrary files via a symlink attack on the expn[PID] temporary file. NOTE: this is the same iss...Show more |
initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure perm...Show more |
The Chroot server in rMake 1.0.11 creates a /dev/zero device file with read/write permissions for the rMake user and the same minor device number as /dev/port, which might allow local users to gain root privileges. |
8Mandrakesoft OpenbsdRedhat+5 more12Enterprise Linux Enterprise Linux DesktopFedora Core+9 moreApr 23, 2026 Apr 6, 2007 N/A· v4 N/A· v3 3.8 LOW· v2 Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overfl...Show more |
7Mandrakesoft OpenbsdRedhat+4 more9Enterprise Linux Enterprise Linux DesktopLibxfont+6 moreApr 23, 2026 Apr 6, 2007 N/A· v4 N/A· v3 8.5 HIGH· v2 Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts,...Show more |
The chroot helper in rMake for rPath Linux 1 does not drop supplemental groups, which causes packages to be installed with insecure permissions and might allow local users to gain privileges. |
6Gnu Gpg4winRedhat+3 more9Enterprise Linux Enterprise Linux DesktopFedora Core+6 moreApr 23, 2026 Dec 7, 2006 N/A· v4 N/A· v3 10.0 HIGH· v2 A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a funct...Show more |