rpm vulnerabilities and exploits
VMScore: 828
CVE-2011-3378
RPM 4.4.x up to and including 4.9.x, probably prior to 4.9.1.2, allows remote malicious users to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is q...
Rpm Rpm 4.4.2.1
Rpm Rpm 4.8.0
Rpm Rpm 4.4.2
Rpm Rpm 4.6.0
Rpm Rpm 4.4.2.2
Rpm Rpm 4.7.2
Rpm Rpm 4.7.0
Rpm Rpm 4.4.2.3
Rpm Rpm 4.6.1
Rpm Rpm 4.7.1
Rpm Rpm
Rpm Rpm 4.4.2.
VMScore: 641
CVE-2017-7500
It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write acces...
Rpm Rpm 4.14.0.0
Rpm Rpm
VMScore: 383
CVE-2012-6088
The rpmpkgRead function in lib/package.c in RPM 4.10.x prior to 4.10.2 does not return an error code in certain situations involving an "unparseable signature," which allows remote malicious users to bypass RPM signature checks via a crafted package.
Rpm Rpm 4.10.0
Rpm Rpm 4.10.1
VMScore: NA
CVE-2021-3521
There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature." RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another pa...
Rpm Rpm
VMScore: 409
CVE-2017-7501
It was found that versions of rpm prior to 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possi...
Rpm Rpm
VMScore: 454
CVE-2021-20271
A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The ...
Rpm Rpm 4.16.0
Rpm Rpm 4.15.0
Rpm Rpm
Redhat Enterprise Linux 8.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Starwindsoftware Starwind Virtual San V8
VMScore: NA
CVE-2021-35939
It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. ...
Rpm Rpm
Redhat Enterprise Linux 8.0
VMScore: 356
CVE-2021-20266
A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.
Rpm Rpm
Fedoraproject Fedora 33
Fedoraproject Fedora 34
VMScore: 409
CVE-2004-2133
Certain third-party packages for CVSup 16.1h, such as SuSE Linux, contain untrusted paths in the ELF RPATH fields of certain executables, which could allow local users to execute arbitrary code by causing cvsup to link against malicious libraries that are created in world-writabl...
Cvsup Cvsup Cvsup-16.1h-2.i386.rpm
Cvsup Cvsup Cvsup-16.1h-36.i586.rpm
Cvsup Cvsup Cvsup-16.1h-43.i586.rpm
VMScore: 605
CVE-2019-3817
A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. An attacker, who is able to make an application read a crafted comps XML file, may be able to crash the application or execute malicious code.
Rpm Libcomps