Vulmon
rpm rpm vulnerabilities and exploits
NA
CVE-2005-2096
zlib 1.2 and later versions allows remote malicious users to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.
Zlib Zlib 1.2.1
Zlib Zlib 1.2.0
Zlib Zlib 1.2.2
7.8
CVSSv3
CVE-2015-9006
In Resource Power Manager (RPM) in all Android releases from CAF using the Linux kernel, an Improper Access Control vulnerability could potentially exist.
Google Android -
NA
CVE-2000-0718
A race condition in MandrakeUpdate allows local users to modify RPM files while they are in the /tmp directory before they are installed.
Mandrakesoft Mandrake Linux 6.0
Mandrakesoft Mandrake Linux 7.0
Mandrakesoft Mandrake Linux 6.1
Mandrakesoft Mandrake Linux 7.1
8.8
CVSSv3
CVE-2020-11210
Possible memory corruption in RPM region due to improper XPU configuration in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
Qualcomm Ar8035 Firmware -
Qualcomm Pm4125 Firmware -
Qualcomm Pm4250 Firmware -
Qualcomm Pm6125 Firmware -
Qualcomm Pm6150a Firmware -
Qualcomm Pm6150l Firmware -
Qualcomm Pm6350 Firmware -
Qualcomm Pm7250b Firmware -
Qualcomm Pm8008 Firmware -
Qualcomm Pmd9655 Firmware -
Qualcomm Pmi632 Firmware -
Qualcomm Pmk8003 Firmware -
Qualcomm Qat3519 Firmware -
Qualcomm Qat3522 Firmware -
Qualcomm Qat3555 Firmware -
Qualcomm Qat5515 Firmware -
Qualcomm Qat5516 Firmware -
Qualcomm Qca6390 Firmware -
Qualcomm Qca9984 Firmware -
Qualcomm Qcm2290 Firmware -
Qualcomm Qcm4290 Firmware -
Qualcomm Qcs2290 Firmware -
9.8
CVSSv3
CVE-2011-4183
A vulnerability in open build service allows remote malicious users to upload arbitrary RPM files. Affected releases are SUSE open build service before 2.1.16.
Opensuse Open Build Service
6.4
CVSSv3
CVE-2019-1732
A vulnerability in the Remote Package Manager (RPM) subsystem of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to leverage a time-of-check, time-of-use (TOCTOU) race condition to corrupt local variables, which could lead to arbit...
Cisco Nx-os
Cisco Nx Os
5.5
CVSSv3
CVE-2021-35080
Disabled SMMU from secure side while RPM is assigned a secure stream can lead to information disclosure in Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
Qualcomm Qcm2290 Firmware -
Qualcomm Qcm4290 Firmware -
Qualcomm Qcs2290 Firmware -
Qualcomm Qcs4290 Firmware -
Qualcomm Sd460 Firmware -
Qualcomm Sd480 Firmware -
Qualcomm Sd662 Firmware -
Qualcomm Sd680 Firmware -
Qualcomm Sd695 Firmware -
Qualcomm Sm4125 Firmware -
Qualcomm Sw5100 Firmware -
Qualcomm Sw5100p Firmware -
Qualcomm Wcd9370 Firmware -
Qualcomm Wcd9375 Firmware -
Qualcomm Wcd9385 Firmware -
Qualcomm Wcn3910 Firmware -
Qualcomm Wcn3950 Firmware -
Qualcomm Wcn3980 Firmware -
Qualcomm Wcn3988 Firmware -
Qualcomm Wcn3991 Firmware -
Qualcomm Wcn3998 Firmware -
Qualcomm Wsa8810 Firmware -
5.5
CVSSv3
CVE-2021-35070
RPM secure Stream can access any secure resource due to improper SMMU configuration and can lead to information disclosure in Snapdragon Industrial IOT, Snapdragon Mobile
Qualcomm Qcm6125 Firmware -
Qualcomm Qcs6125 Firmware -
Qualcomm Sd665 Firmware -
Qualcomm Wcd9370 Firmware -
Qualcomm Wcd9375 Firmware -
Qualcomm Wcn3950 Firmware -
Qualcomm Wcn3980 Firmware -
Qualcomm Wsa8810 Firmware -
Qualcomm Wsa8815 Firmware -
5.3
CVSSv3
CVE-2011-2515
PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code.
Packagekit Project Packagekit 0.6.17
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Redhat Enterprise Linux Server 6.0
NA
CVE-2010-4226
cpio, as used in build 2007.05.10, 2010.07.28, and possibly other versions, allows remote malicious users to overwrite arbitrary files via a symlink within an RPM package archive.
Opensuse Opensuse 2010.07.28
Opensuse Opensuse 2007.05.10
Gnu Cpio