Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rpm rpm vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2010-4226
cpio, as used in build 2007.05.10, 2010.07.28, and possibly other versions, allows remote malicious users to overwrite arbitrary files via a symlink within an RPM package archive.
Opensuse Opensuse 2010.07.28
Opensuse Opensuse 2007.05.10
Gnu Cpio
NA
CVE-2013-3704
The RPM GPG key import and handling feature in libzypp 12.15.0 and previous versions reports a different key fingerprint than the one used to sign a repository when multiple key blobs are used, which might allow remote malicious users to trick users into believing that the reposi...
Novell Libzypp
Novell Libzypp 12.3
Novell Libzypp 12.2
Novell Libzypp 12.1
Novell Libzypp 11.3
Novell Libzypp 11.4
Novell Libzypp 11.2
NA
CVE-2012-6116
modules/certs/manifests/config.pp in katello-configure prior to 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file.
Katello Katello -
Katello Katello-configure
NA
CVE-2012-6088
The rpmpkgRead function in lib/package.c in RPM 4.10.x prior to 4.10.2 does not return an error code in certain situations involving an "unparseable signature," which allows remote malicious users to bypass RPM signature checks via a crafted package.
Rpm Rpm 4.10.0
Rpm Rpm 4.10.1
NA
CVE-2012-0815
The headerVerifyInfo function in lib/header.c in RPM prior to 4.9.1.3 allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric ran...
Rpm Rpm 2.3.5
Rpm Rpm 4.4.2.1
Rpm Rpm 1.4.3
Rpm Rpm 3.0.1
Rpm Rpm 4.1
Rpm Rpm 2.2.3.11
Rpm Rpm 4.8.0
Rpm Rpm 2.4.4
Rpm Rpm 2.3.8
Rpm Rpm 2.0.6
Rpm Rpm 1.4.4
Rpm Rpm 1.4.2\\/a
Rpm Rpm 2.4.1
Rpm Rpm 2.4.9
Rpm Rpm 2.6.7
Rpm Rpm
Rpm Rpm 1.4
Rpm Rpm 2.0.10
Rpm Rpm 2.4.5
Rpm Rpm 4.9.0
Rpm Rpm 4.0.1
Rpm Rpm 2.2.11
NA
CVE-2012-0060
RPM prior to 4.9.1.3 does not properly validate region tags, which allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify...
Rpm Rpm 2.3.5
Rpm Rpm 4.4.2.1
Rpm Rpm 1.4.3
Rpm Rpm 3.0.1
Rpm Rpm 4.1
Rpm Rpm 2.2.3.11
Rpm Rpm 4.8.0
Rpm Rpm 2.4.4
Rpm Rpm 2.3.8
Rpm Rpm 2.0.6
Rpm Rpm 1.4.4
Rpm Rpm 1.4.2\\/a
Rpm Rpm 2.4.1
Rpm Rpm 2.4.9
Rpm Rpm 2.6.7
Rpm Rpm
Rpm Rpm 1.4
Rpm Rpm 2.0.10
Rpm Rpm 2.4.5
Rpm Rpm 4.9.0
Rpm Rpm 4.0.1
Rpm Rpm 2.2.11
NA
CVE-2012-0061
The headerLoad function in lib/header.c in RPM prior to 4.9.1.3 does not properly validate region tags, which allows user-assisted remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via a large region size in a package header.
Rpm Rpm 2.3.5
Rpm Rpm 4.4.2.1
Rpm Rpm 1.4.3
Rpm Rpm 3.0.1
Rpm Rpm 4.1
Rpm Rpm 2.2.3.11
Rpm Rpm 4.8.0
Rpm Rpm 2.4.4
Rpm Rpm 2.3.8
Rpm Rpm 2.0.6
Rpm Rpm 1.4.4
Rpm Rpm 1.4.2\\/a
Rpm Rpm 2.4.1
Rpm Rpm 2.4.9
Rpm Rpm 2.6.7
Rpm Rpm
Rpm Rpm 1.4
Rpm Rpm 2.0.10
Rpm Rpm 2.4.5
Rpm Rpm 4.9.0
Rpm Rpm 4.0.1
Rpm Rpm 2.2.11
NA
CVE-2011-3378
RPM 4.4.x up to and including 4.9.x, probably prior to 4.9.1.2, allows remote malicious users to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is q...
Rpm Rpm 4.4.2.1
Rpm Rpm 4.8.0
Rpm Rpm 4.4.2
Rpm Rpm 4.6.0
Rpm Rpm 4.4.2.2
Rpm Rpm 4.7.2
Rpm Rpm 4.7.0
Rpm Rpm 4.4.2.3
Rpm Rpm 4.6.1
Rpm Rpm 4.7.1
Rpm Rpm
Rpm Rpm 4.4.2.
NA
CVE-2011-2644
Cross-site scripting (XSS) vulnerability in Kiwi prior to 3.74.2, as used in SUSE Studio 1.1 prior to 1.1.4, allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors, related to an RPM info display.
Marcus Schafer Kiwi
Novell Suse Studio Onsite 1.1
NA
CVE-2011-2645
Unspecified vulnerability in Kiwi prior to 3.74.2, as used in SUSE Studio 1.1 prior to 1.1.4, allows remote malicious users to execute arbitrary code via a crafted filename for a custom RPM.
Novell Suse Studio Onsite 1.1
Marcus Schafer Kiwi
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »