VYPR
Vendor

Rpath

Products
5
CVEs
14
Across products
16
Status
Private

Products

5

Recent CVEs

14
  • CVE-2007-5962May 22, 2008
    risk 0.04cvss epss 0.12

    Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red Hat Enterprise Linux (RHEL) 5 and Fedora 6 through 8, and on Foresight Linux and rPath appliances, allows remote attackers to cause a denial of service (memory consumption) via a large number of CWD commands,…

  • CVE-2008-4832Nov 17, 2008
    risk 0.00cvss epss 0.00

    rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath allows local users to delete arbitrary files via a symlink attack on a directory under (1) /var/lock or (2) /var/run. NOTE: this issue exists because of a race condition in an incorrect fix for CVE-2008-3524. NOTE:…

  • CVE-2008-3138Jul 10, 2008
    risk 0.00cvss epss 0.02

    The (1) PANA and (2) KISMET dissectors in Wireshark (formerly Ethereal) 0.99.3 through 1.0.0 allow remote attackers to cause a denial of service (application stop) via unknown vectors.

  • CVE-2008-3139Jul 10, 2008
    risk 0.00cvss epss 0.03

    The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1.0.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: this might be due to a use-after-free error.

  • CVE-2008-2140May 12, 2008
    risk 0.00cvss epss 0.00

    Cross-site request forgery (CSRF) vulnerability in the rootpw plugin in rPath Appliance Platform Agent 2 and 3 allows remote attackers to reset the root password as the administrator via a crafted URL.

  • CVE-2008-2139May 12, 2008
    risk 0.00cvss epss 0.00

    The rootpw plugin in rPath Appliance Platform Agent 2 and 3 does not re-validate requests from a browser with a valid administrator session, including requests to change the password, which makes it easier for physically proximate attackers to gain privileges and maintain…

  • CVE-2008-1078Feb 29, 2008
    risk 0.00cvss epss 0.01

    expn in the am-utils and net-fs packages for Gentoo, rPath Linux, and other distributions, allows local users to overwrite arbitrary files via a symlink attack on the expn[PID] temporary file. NOTE: this is the same issue as CVE-2003-0308.1.

  • CVE-2007-5686Oct 28, 2007
    risk 0.00cvss epss 0.01

    initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents…

  • CVE-2007-5194Oct 4, 2007
    risk 0.00cvss epss 0.00

    The Chroot server in rMake 1.0.11 creates a /dev/zero device file with read/write permissions for the rMake user and the same minor device number as /dev/port, which might allow local users to gain root privileges.

  • CVE-2007-1351Apr 6, 2007
    risk 0.00cvss epss 0.06

    Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.

  • CVE-2007-1352Apr 6, 2007
    risk 0.00cvss epss 0.02

    Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow.

  • CVE-2007-0557Jan 29, 2007
    risk 0.00cvss epss 0.00

    rMake before 1.0.4 drops root privileges in a way that retains the original supplemental groups, which might allow attackers to gain privileges via a crafted recipe file, a different vulnerability than CVE-2007-0536.

  • CVE-2007-0536Jan 27, 2007
    risk 0.00cvss epss 0.00

    The chroot helper in rMake for rPath Linux 1 does not drop supplemental groups, which causes packages to be installed with insecure permissions and might allow local users to gain privileges.

  • CVE-2006-6235Dec 7, 2006
    risk 0.00cvss epss 0.06

    A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.