Vulmon
rpm rpm vulnerabilities and exploits
1.9
CVSSv2
CVE-2007-3849
Red Hat Enterprise Linux (RHEL) 5 ships the rpm for the Advanced Intrusion Detection Environment (AIDE) prior to 0.13.1 with a database that lacks checksum information, which allows context-dependent malicious users to bypass file integrity checks and modify certain files.
Redhat Enterprise Linux 5.0
5.4
CVSSv2
CVE-2006-5466
Heap-based buffer overflow in the showQueryPackage function in librpm in RPM Package Manager 4.4.8, when the LANG environment variable is set to ru_RU.UTF-8, might allow user-assisted malicious users to execute arbitrary code via crafted RPM packages.
Rpm Package Manager 4.4.8
Ubuntu Ubuntu Linux 6.06 Lts
Ubuntu Ubuntu Linux 6.10
5
CVSSv2
CVE-2005-1849
inftrees.h in zlib 1.2.2 allows remote malicious users to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced.
Zlib Zlib 1.2.2
7.5
CVSSv2
CVE-2005-2096
zlib 1.2 and later versions allows remote malicious users to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.
Zlib Zlib 1.2.1
Zlib Zlib 1.2.0
Zlib Zlib 1.2.2
7.6
CVSSv2
CVE-2004-0258
Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote malicious users to execute arbitrary code via malformed (1) .RP, (2) .RT, (3) .RAM, (4) .RPM or (5) .SMIL files.
Realnetworks Realone Player 6.0.11.830
Realnetworks Realone Player 6.0.11.841
Realnetworks Realone Player 1.0
Realnetworks Realone Player 2.0
Realnetworks Realplayer 10.0 Beta
Realnetworks Realplayer 8.0
Realnetworks Realone Desktop Manager
Realnetworks Realone Enterprise Desktop 6.0.11.774
Realnetworks Realone Player 6.0.11.853
Realnetworks Realone Player 6.0.11.868
Realnetworks Realone Player 6.0.11.818
4.6
CVSSv2
CVE-2003-1034
The RPM installation of SAP DB 7.x creates the (1) dbmsrv or (2) lserver programs with world-writable permissions, which allows local users to gain privileges by modifying those programs.
4.6
CVSSv2
CVE-2004-2133
Certain third-party packages for CVSup 16.1h, such as SuSE Linux, contain untrusted paths in the ELF RPATH fields of certain executables, which could allow local users to execute arbitrary code by causing cvsup to link against malicious libraries that are created in world-writabl...
Cvsup Cvsup Cvsup-16.1h-2.i386.rpm
Cvsup Cvsup Cvsup-16.1h-36.i586.rpm
Cvsup Cvsup Cvsup-16.1h-43.i586.rpm
4.6
CVSSv2
CVE-2003-1156
Java Runtime Environment (JRE) and Software Development Kit (SDK) 1.4.2 up to and including 1.4.2_02 allows local users to overwrite arbitrary files via a symlink attack on (1) unpack.log, as created by the unpack program, or (2) .mailcap1 and .mime.types1, as created by the RPM ...
Sun Jre 1.4.2
Sun Jdk 1.4.2
Sun Jdk 1.4.2 02
7.5
CVSSv2
CVE-2003-0546
up2date 3.0.7 and 3.1.23 does not properly verify RPM GPG signatures, which could allow remote malicious users to cause unsigned packages to be installed from the Red Hat Network, if that network is compromised.
Redhat Up2date 3.0.7-1
Redhat Up2date 3.1.23-1
7.5
CVSSv2
CVE-2002-2204
The default --checksig setting in RPM Package Manager 4.0.4 checks that a package's signature is valid without listing who signed it, which can allow remote malicious users to make it appear that a malicious package comes from a trusted source.
Redhat Redhat Package Manager 4.0.2-71
Redhat Redhat Package Manager 4.0.3
Redhat Redhat Package Manager 4.0.2-72
Redhat Redhat Package Manager 4.0.4