rpm vulnerabilities and exploits
383
VMScore
CVE-2011-2644
Cross-site scripting (XSS) vulnerability in Kiwi prior to 3.74.2, as used in SUSE Studio 1.1 prior to 1.1.4, allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors, related to an RPM info display.
Marcus Schafer Kiwi
Novell Suse Studio Onsite 1.1
383
VMScore
CVE-2014-3219
fish prior to 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER.
Fishshell Fish
Fedoraproject Fedora 19
187
VMScore
CVE-2012-6116
modules/certs/manifests/config.pp in katello-configure prior to 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file.
Katello Katello -
Katello Katello-configure
676
VMScore
CVE-2004-0258
Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote malicious users to execute arbitrary code via malformed (1) .RP, (2) .RT, (3) .RAM, (4) .RPM or (5) .SMIL files.
Realnetworks Realone Player 6.0.11.830
Realnetworks Realone Player 6.0.11.841
Realnetworks Realone Player 1.0
Realnetworks Realone Player 2.0
Realnetworks Realplayer 10.0 Beta
Realnetworks Realplayer 8.0
Realnetworks Realone Desktop Manager
Realnetworks Realone Enterprise Desktop 6.0.11.774
Realnetworks Realone Player 6.0.11.853
Realnetworks Realone Player 6.0.11.868
Realnetworks Realone Player 6.0.11.818
828
VMScore
CVE-2017-7436
In libzypp prior to 20170803, it was possible to retrieve unsigned packages without a warning to the user, which could allow man-in-the-middle attackers or malicious servers to inject malicious RPM packages into a user's system.
Opensuse Libzypp
828
VMScore
CVE-2017-7435
In libzypp prior to 20170803, it was possible to add unsigned YUM repositories without a warning to the user, which could allow man-in-the-middle attackers or malicious servers to inject malicious RPM packages into a user's system.
Opensuse Libzypp
187
VMScore
CVE-2002-1672
Webmin 0.92, when installed from an RPM, creates /var/webmin with insecure permissions (world readable), which could allow local users to read the root user's cookie-based authentication credentials and possibly hijack the root user's session using the credentials.
Webmin Webmin 0.92
Webmin Webmin 0.92.1
668
VMScore
CVE-2002-2204
The default --checksig setting in RPM Package Manager 4.0.4 checks that a package's signature is valid without listing who signed it, which can allow remote malicious users to make it appear that a malicious package comes from a trusted source.
Redhat Redhat Package Manager 4.0.2-71
Redhat Redhat Package Manager 4.0.3
Redhat Redhat Package Manager 4.0.2-72
Redhat Redhat Package Manager 4.0.4
169
VMScore
CVE-2007-3849
Red Hat Enterprise Linux (RHEL) 5 ships the rpm for the Advanced Intrusion Detection Environment (AIDE) prior to 0.13.1 with a database that lacks checksum information, which allows context-dependent malicious users to bypass file integrity checks and modify certain files.
Redhat Enterprise Linux 5.0
605
VMScore
CVE-2008-6846
Multiple stack-based buffer overflows in avast! Linux Home Edition 1.0.5, 1.0.5-1, and 1.0.8 allow remote malicious users to cause a denial of service (application crash) or execute arbitrary code via a malformed (1) ISO or (2) RPM file.
Avast Avast Antivirus 1.0.8
Avast Avast Antivirus 1.0.5
Avast Avast Antivirus 1.0.5-1