rpm rpm vulnerabilities and exploits
356
VMScore
CVE-2021-20266
A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.
Rpm Rpm
Fedoraproject Fedora 33
Fedoraproject Fedora 34
668
VMScore
CVE-2021-31414
The unofficial vscode-rpm-spec extension prior to 0.3.2 for Visual Studio Code allows remote code execution via a crafted workspace configuration.
641
VMScore
CVE-2020-11210
Possible memory corruption in RPM region due to improper XPU configuration in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
Qualcomm Ar8035 Firmware -
Qualcomm Pm4125 Firmware -
Qualcomm Pm4250 Firmware -
Qualcomm Pm6125 Firmware -
Qualcomm Pm6150a Firmware -
Qualcomm Pm6150l Firmware -
Qualcomm Pm6350 Firmware -
Qualcomm Pm7250b Firmware -
Qualcomm Pm8008 Firmware -
Qualcomm Pmd9655 Firmware -
Qualcomm Pmi632 Firmware -
Qualcomm Pmk8003 Firmware -
Qualcomm Qat3519 Firmware -
Qualcomm Qat3522 Firmware -
Qualcomm Qat3555 Firmware -
Qualcomm Qat5515 Firmware -
Qualcomm Qat5516 Firmware -
Qualcomm Qca6390 Firmware -
Qualcomm Qca9984 Firmware -
Qualcomm Qcm2290 Firmware -
Qualcomm Qcm4290 Firmware -
Qualcomm Qcs2290 Firmware -
454
VMScore
CVE-2021-20271
A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The ...
Rpm Rpm 4.16.0
Rpm Rpm 4.15.0
Rpm Rpm
Redhat Enterprise Linux 8.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Starwindsoftware Starwind Virtual San V8
409
VMScore
CVE-2020-11228
Part of RPM region was not protected from xblSec itself due to improper policy and leads to unprivileged access in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure ...
Qualcomm Aqt1000 Firmware -
Qualcomm Ar8035 Firmware -
Qualcomm Pm4125 Firmware -
Qualcomm Pm4250 Firmware -
Qualcomm Pm6125 Firmware -
Qualcomm Pm6150 Firmware -
Qualcomm Pm6150a Firmware -
Qualcomm Pm6150l Firmware -
Qualcomm Pm6350 Firmware -
Qualcomm Pm640a Firmware -
Qualcomm Pm640l Firmware -
Qualcomm Pm640p Firmware -
Qualcomm Pm7250b Firmware -
Qualcomm Pm8004 Firmware -
Qualcomm Pm8005 Firmware -
Qualcomm Pm8008 Firmware -
Qualcomm Pm8350 Firmware -
Qualcomm Pm855 Firmware -
Qualcomm Pm855a Firmware -
Qualcomm Pm855b Firmware -
Qualcomm Pm855l Firmware -
Qualcomm Pm855p Firmware -
445
VMScore
CVE-2020-7667
In package github.com/sassoftware/go-rpmutils/cpio before version 0.1.0, the CPIO extraction functionality doesn't sanitize the paths of the archived files for leading and non-leading "..", which leads to file extraction outside of the current directory. Note: the f...
Sas Go Rpm Utils
890
VMScore
CVE-2020-10511
HGiga C&Cmail CCMAILQ before olln-base-6.0-418.i386.rpm and CCMAILN before olln-base-5.0-418.i386.rpm contain insecure configurations. Attackers can exploit these flaws to access unauthorized functionality via a crafted URL.
Hgiga Oaklouds Ccm@il -
801
VMScore
CVE-2020-10512
HGiga C&Cmail CCMAILQ before olln-calendar-6.0-100.i386.rpm and CCMAILN before olln-calendar-5.0-100.i386.rpm contain a SQL Injection vulnerability which allows malicious users to inject SQL commands in the URL parameter to execute unauthorized commands.
Hgiga Oaklouds Ccm@il -
409
VMScore
CVE-2011-2515
PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code.
Packagekit Project Packagekit 0.6.17
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Redhat Enterprise Linux Server 6.0
187
VMScore
CVE-2016-4983
A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files.
Dovecot Dovecot -
Opensuse Leap 42.1
Opensuse Leap 42.2
Opensuse Opensuse 13.2
Redhat Enterprise Linux 4.0
Redhat Enterprise Linux 5.0
Redhat Enterprise Linux 6.0
Redhat Enterprise Linux 7.0