Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rpm rpm vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2021-3421
A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data...
Rpm Rpm
Redhat Enterprise Linux 8.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
6.7
CVSSv3
CVE-2021-35938
A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privile...
Rpm Rpm
Fedoraproject Fedora 34
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
7.5
CVSSv3
CVE-2020-7667
In package github.com/sassoftware/go-rpmutils/cpio before version 0.1.0, the CPIO extraction functionality doesn't sanitize the paths of the archived files for leading and non-leading ".." which leads in file extraction outside of the current directory. Note: the f...
Sas Go Rpm Utils
6.4
CVSSv3
CVE-2021-35937
A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data conf...
Rpm Rpm
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
Fedoraproject Fedora 34
7.5
CVSSv3
CVE-2021-3445
A flaw was found in libdnf's signature verification functionality in versions prior to 0.60.1. This flaw allows an malicious user to achieve code execution if they can alter the header information of an RPM package and then trick a user or system into installing it. The high...
Rpm Libdnf
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Redhat Enterprise Linux 8.0
NA
CVE-2006-5466
Heap-based buffer overflow in the showQueryPackage function in librpm in RPM Package Manager 4.4.8, when the LANG environment variable is set to ru_RU.UTF-8, might allow user-assisted malicious users to execute arbitrary code via crafted RPM packages.
Rpm Package Manager 4.4.8
Ubuntu Ubuntu Linux 6.06 Lts
Ubuntu Ubuntu Linux 6.10
9.8
CVSSv3
CVE-2023-6395
The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja...
Rpm-software-management Mock -
Fedoraproject Extra Packages For Enterprise Linux 8.0
Fedoraproject Extra Packages For Enterprise Linux 9.0
Fedoraproject Extra Packages For Enterprise Linux 7.0
Fedoraproject Fedora 38
Fedoraproject Fedora 39
6.5
CVSSv3
CVE-2022-20821
A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote malicious user to access the Redis instance that is running within the NOSi container. This vulnerability exists because the health check RPM opens TCP port 6379 by default upo...
Cisco Ios Xr -
7.8
CVSSv3
CVE-2022-39224
Arr-pm is an RPM reader/writer library written in Ruby. Versions before 0.0.12 are subject to OS command injection resulting in shell execution if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the `extract` and `files` methods of th...
Ruby-arr-pm Project Ruby-arr-pm
4.7
CVSSv3
CVE-2015-0296
The pre-install script in texlive 3.1.20140525_r34255.fc21 as packaged in Fedora 21 and rpm, and texlive 6.20131226_r32488.fc20 and rpm allows local users to delete arbitrary files via a crafted file in the user's home directory.
Tug Texlive 6.20131226 R32488.fc20
Tug Texlive 3.1.20140525 R34255.fc21
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »