Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rpm rpm vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2021-20266
A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.
Rpm Rpm
Fedoraproject Fedora 33
Fedoraproject Fedora 34
2.1
CVSSv2
CVE-2016-4983
A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files.
Dovecot Dovecot -
Opensuse Leap 42.2
Opensuse Leap 42.1
Opensuse Opensuse 13.2
Redhat Enterprise Linux 4.0
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Redhat Enterprise Linux 5.0
2.1
CVSSv2
CVE-2012-6116
modules/certs/manifests/config.pp in katello-configure prior to 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file.
Katello Katello-configure
Katello Katello -
2.1
CVSSv2
CVE-2002-1672
Webmin 0.92, when installed from an RPM, creates /var/webmin with insecure permissions (world readable), which could allow local users to read the root user's cookie-based authentication credentials and possibly hijack the root user's session using the credentials.
Webmin Webmin 0.92
Webmin Webmin 0.92.1
2.1
CVSSv2
CVE-1999-0862
Insecure directory permissions in RPM distribution for PostgreSQL allows local users to gain privileges by reading a plaintext password file.
Postgresql Postgresql 6.3.2
Postgresql Postgresql 6.5.3.1
Postgresql Postgresql 6.5.3
1.9
CVSSv2
CVE-2007-3849
Red Hat Enterprise Linux (RHEL) 5 ships the rpm for the Advanced Intrusion Detection Environment (AIDE) prior to 0.13.1 with a database that lacks checksum information, which allows context-dependent malicious users to bypass file integrity checks and modify certain files.
Redhat Enterprise Linux 5.0
1.2
CVSSv2
CVE-2015-0296
The pre-install script in texlive 3.1.20140525_r34255.fc21 as packaged in Fedora 21 and rpm, and texlive 6.20131226_r32488.fc20 and rpm allows local users to delete arbitrary files via a crafted file in the user's home directory.
Tug Texlive 6.20131226 R32488.fc20
Tug Texlive 3.1.20140525 R34255.fc21
1.2
CVSSv2
CVE-2000-0718
A race condition in MandrakeUpdate allows local users to modify RPM files while they are in the /tmp directory before they are installed.
Mandrakesoft Mandrake Linux 7.0
Mandrakesoft Mandrake Linux 7.1
Mandrakesoft Mandrake Linux 6.0
Mandrakesoft Mandrake Linux 6.1
NA
CVE-2024-27003
In the Linux kernel, the following vulnerability has been resolved: clk: Get runtime PM before walking tree for clk_summary Similar to the previous commit, we should make sure that all devices are runtime resumed before printing the clk_summary through debugfs. Failure to do so w...
NA
CVE-2024-2905
A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive ...
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-38627
CVE-2022-45803
CVE-2024-38319
camera
template injection
CVE-2024-27801
CVE-2024-0762
CVE-2024-5791
unauthorized
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »