CVE-2008-3278

HIGH Year: 2008
CVSS v3 Score
7.8
High
CVSS v2 Score
4.6
Medium
Weakness Type
CWE-1188
View all →

Vulnerability Description

frysk packages through 2008-08-05 as shipped in Red Hat Enterprise Linux 5 are built with an insecure RPATH set in the ELF header of multiple binaries in /usr/bin/f* (e.g. fcore, fcatch, fstack, fstep, ...) shipped in the package. A local attacker can exploit this vulnerability by running arbitrary code as another user.

Related Vulnerabilities

CVE-2018-17485

HIGH
CVSS:7.8(High)

Lobby Track Desktop contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application.

CWE-11882018

CVE-2018-17497

HIGH
CVSS:7.8(High)

eVisitorPass contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application.

CWE-11882018

CVE-2018-20052

HIGH
CVSS:7.8(High)

An issue was discovered on Cerner Connectivity Engine (CCE) 4 devices. The user running the main CCE firmware has NOPASSWD sudo privileges to several utilities that could be used to escalate privilege...

CWE-11882018

CVE-2018-3667

HIGH
CVSS:7.8(High)

Installation tool IPDT (Intel Processor Diagnostic Tool) 4.1.0.24 sets permissions of installed files incorrectly, allowing for execution of arbitrary code and potential privilege escalation.

CWE-11882018

CVE-2018-5841

HIGH
CVSS:7.8(High)

dcc_curr_list is initialized with a default invalid value that is expected to be programmed by the user through a sysfs node which could lead to an invalid access in all Android releases from CAF (And...

CWE-11882018

CVE-2019-17274

HIGH
CVSS:7.8(High)

NetApp FAS 8300/8700 and AFF A400 Baseboard Management Controller (BMC) firmware versions 13.x prior to 13.1P1 were shipped with a default account enabled that could allow unauthorized arbitrary comma...

CWE-11882019