Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rpm rpm vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2005-2096
zlib 1.2 and later versions allows remote malicious users to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.
Zlib Zlib 1.2.1
Zlib Zlib 1.2.0
Zlib Zlib 1.2.2
7.5
CVSSv2
CVE-2003-0546
up2date 3.0.7 and 3.1.23 does not properly verify RPM GPG signatures, which could allow remote malicious users to cause unsigned packages to be installed from the Red Hat Network, if that network is compromised.
Redhat Up2date 3.0.7-1
Redhat Up2date 3.1.23-1
7.5
CVSSv2
CVE-2002-2204
The default --checksig setting in RPM Package Manager 4.0.4 checks that a package's signature is valid without listing who signed it, which can allow remote malicious users to make it appear that a malicious package comes from a trusted source.
Redhat Redhat Package Manager 4.0.2-71
Redhat Redhat Package Manager 4.0.2-72
Redhat Redhat Package Manager 4.0.3
Redhat Redhat Package Manager 4.0.4
7.2
CVSSv2
CVE-2020-11210
Possible memory corruption in RPM region due to improper XPU configuration in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
Qualcomm Ar8035 Firmware -
Qualcomm Pm4125 Firmware -
Qualcomm Pm4250 Firmware -
Qualcomm Pm6125 Firmware -
Qualcomm Pm6150a Firmware -
Qualcomm Pm6150l Firmware -
Qualcomm Pm6350 Firmware -
Qualcomm Pm7250b Firmware -
Qualcomm Pm8008 Firmware -
Qualcomm Pmd9655 Firmware -
Qualcomm Pmi632 Firmware -
Qualcomm Pmk8003 Firmware -
Qualcomm Qat3519 Firmware -
Qualcomm Qat3522 Firmware -
Qualcomm Qat3555 Firmware -
Qualcomm Qat5515 Firmware -
Qualcomm Qat5516 Firmware -
Qualcomm Qca6390 Firmware -
Qualcomm Qca9984 Firmware -
Qualcomm Qcm2290 Firmware -
Qualcomm Qcm4290 Firmware -
Qualcomm Qcs2290 Firmware -
7.2
CVSSv2
CVE-2018-19639
If supportutils before version 3.1-5.7.1 is run with -v to perform rpm verification and the attacker manages to manipulate the rpm listing (e.g. with CVE-2018-19638) he can execute arbitrary commands as root.
Opensuse Supportutils
7.2
CVSSv2
CVE-2017-18282
Non-secure SW can cause SDCC to generate secure bus accesses, which may expose RPM access in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660.
Qualcomm Mdm9206 Firmware -
Qualcomm Mdm9607 Firmware -
Qualcomm Mdm9650 Firmware -
Qualcomm Sd210 Firmware -
Qualcomm Sd212 Firmware -
Qualcomm Sd205 Firmware -
Qualcomm Sd425 Firmware -
Qualcomm Sd430 Firmware -
Qualcomm Sd450 Firmware -
Qualcomm Sd625 Firmware -
Qualcomm Sd650 Firmware -
Qualcomm Sd652 Firmware -
Qualcomm Sd835 Firmware -
Qualcomm Sda660 Firmware -
7.2
CVSSv2
CVE-2017-7500
It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write acces...
Rpm Rpm 4.14.0.0
Rpm Rpm
7.2
CVSSv2
CVE-2017-8968
A remote execution of arbitrary code vulnerability has been identified in HPE RESTful Interface Tool 1.5, 2.0 (hprest-1.5-79.x86_64.rpm, ilorest-2.0-403.x86_64.rpm). The issue is resolved in iLOREST v2.1 or subsequent versions.
Hp Restful Interface Tool 2.0
Hp Restful Interface Tool 1.5
7.2
CVSSv2
CVE-2005-4889
lib/fsm.c in RPM prior to 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file, a related issu...
Rpm Rpm 2.3.5
Rpm Rpm 4.4.2.1
Rpm Rpm 1.4.3
Rpm Rpm 3.0.1
Rpm Rpm 4.1
Rpm Rpm 2.2.3.11
Rpm Rpm 2.4.4
Rpm Rpm 2.3.8
Rpm Rpm 2.0.6
Rpm Rpm 1.4.4
Rpm Rpm 1.4.2/a
Rpm Rpm 2.4.1
Rpm Rpm 2.4.9
Rpm Rpm 2.6.7
Rpm Rpm 2..4.10
Rpm Rpm 1.4
Rpm Rpm 2.0.10
Rpm Rpm 2.4.5
Rpm Rpm 4.0.1
Rpm Rpm 2.2.11
Rpm Rpm 4.0.4
Rpm Rpm 2.2.1
7.2
CVSSv2
CVE-2010-2059
lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM prior to 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link t...
Rpm Rpm 2.3.5
Rpm Rpm 4.4.2.1
Rpm Rpm 1.4.3
Rpm Rpm 3.0.1
Rpm Rpm 4.1
Rpm Rpm 2.2.3.11
Rpm Rpm 2.4.4
Rpm Rpm 2.3.8
Rpm Rpm 2.0.6
Rpm Rpm 1.4.4
Rpm Rpm 4.4.2
Rpm Rpm 1.4.2/a
Rpm Rpm 2.4.1
Rpm Rpm 2.4.9
Rpm Rpm 2.6.7
Rpm Rpm 2..4.10
Rpm Rpm 1.4
Rpm Rpm 2.0.10
Rpm Rpm 2.4.5
Rpm Rpm 4.0.1
Rpm Rpm 2.2.11
Rpm Rpm 4.0.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »