Vulmon
rpm vulnerabilities and exploits
4.3
CVSSv2
CVE-2014-3219
fish prior to 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER.
Fishshell Fish
Fedoraproject Fedora 19
7.6
CVSSv2
CVE-2004-0258
Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote malicious users to execute arbitrary code via malformed (1) .RP, (2) .RT, (3) .RAM, (4) .RPM or (5) .SMIL files.
Realnetworks Realone Player 6.0.11.830
Realnetworks Realone Player 6.0.11.841
Realnetworks Realone Player 1.0
Realnetworks Realone Player 2.0
Realnetworks Realplayer 10.0 Beta
Realnetworks Realplayer 8.0
Realnetworks Realone Desktop Manager
Realnetworks Realone Enterprise Desktop 6.0.11.774
Realnetworks Realone Player 6.0.11.853
Realnetworks Realone Player 6.0.11.868
Realnetworks Realone Player 6.0.11.818
2.1
CVSSv2
CVE-2012-6116
modules/certs/manifests/config.pp in katello-configure prior to 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file.
Katello Katello -
Katello Katello-configure
4.3
CVSSv2
CVE-2011-2644
Cross-site scripting (XSS) vulnerability in Kiwi prior to 3.74.2, as used in SUSE Studio 1.1 prior to 1.1.4, allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors, related to an RPM info display.
Marcus Schafer Kiwi
Novell Suse Studio Onsite 1.1
9.3
CVSSv2
CVE-2017-7435
In libzypp prior to 20170803 it was possible to add unsigned YUM repositories without a warning to the user, which could lead to man-in-the-middle attackers or malicious servers injecting malicious RPM packages into a user's system.
Opensuse Libzypp
9.3
CVSSv2
CVE-2017-7436
In libzypp prior to 20170803 it was possible to retrieve unsigned packages without a warning to the user, which could lead to man-in-the-middle attackers or malicious servers injecting malicious RPM packages into a user's system.
Opensuse Libzypp
7.5
CVSSv2
CVE-2002-2204
The default --checksig setting in RPM Package Manager 4.0.4 checks that a package's signature is valid without listing who signed it, which can allow remote malicious users to make it appear that a malicious package comes from a trusted source.
Redhat Redhat Package Manager 4.0.2-71
Redhat Redhat Package Manager 4.0.3
Redhat Redhat Package Manager 4.0.2-72
Redhat Redhat Package Manager 4.0.4
2.1
CVSSv2
CVE-2002-1672
Webmin 0.92, when installed from an RPM, creates /var/webmin with insecure permissions (world readable), which could allow local users to read the root user's cookie-based authentication credentials and possibly hijack the root user's session using the credentials.
Webmin Webmin 0.92
Webmin Webmin 0.92.1
6.8
CVSSv2
CVE-2008-6846
Multiple stack-based buffer overflows in avast! Linux Home Edition 1.0.5, 1.0.5-1, and 1.0.8 allow remote malicious users to cause a denial of service (application crash) or execute arbitrary code via a malformed (1) ISO or (2) RPM file.
Avast Avast Antivirus 1.0.8
Avast Avast Antivirus 1.0.5
Avast Avast Antivirus 1.0.5-1
4.6
CVSSv2
CVE-2020-11228
Part of RPM region was not protected from xblSec itself due to improper policy and leads to unprivileged access in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure ...
Qualcomm Aqt1000 Firmware -
Qualcomm Ar8035 Firmware -
Qualcomm Pm4125 Firmware -
Qualcomm Pm4250 Firmware -
Qualcomm Pm6125 Firmware -
Qualcomm Pm6150 Firmware -
Qualcomm Pm6150a Firmware -
Qualcomm Pm6150l Firmware -
Qualcomm Pm6350 Firmware -
Qualcomm Pm640a Firmware -
Qualcomm Pm640l Firmware -
Qualcomm Pm640p Firmware -
Qualcomm Pm7250b Firmware -
Qualcomm Pm8004 Firmware -
Qualcomm Pm8005 Firmware -
Qualcomm Pm8008 Firmware -
Qualcomm Pm8350 Firmware -
Qualcomm Pm855 Firmware -
Qualcomm Pm855a Firmware -
Qualcomm Pm855b Firmware -
Qualcomm Pm855l Firmware -
Qualcomm Pm855p Firmware -