Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rpm vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2011-2515
PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code.
Packagekit Project Packagekit 0.6.17
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Redhat Enterprise Linux Server 6.0
5.5
CVSSv3
CVE-2021-30346
RPM secure Stream can access any secure resource due to improper SMMU configuration in Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Qualcomm Ar8035 Firmware -
Qualcomm Qca9984 Firmware -
Qualcomm Qcm2290 Firmware -
Qualcomm Qcm4290 Firmware -
Qualcomm Qcs2290 Firmware -
Qualcomm Qcs405 Firmware -
Qualcomm Qcs4290 Firmware -
Qualcomm Sd460 Firmware -
Qualcomm Sd480 Firmware -
Qualcomm Sd662 Firmware -
Qualcomm Sd680 Firmware -
Qualcomm Sm6375 Firmware -
Qualcomm Sw5100 Firmware -
Qualcomm Sw5100p Firmware -
Qualcomm Wcd9370 Firmware -
Qualcomm Wcd9375 Firmware -
Qualcomm Wcd9385 Firmware -
Qualcomm Wcn3910 Firmware -
Qualcomm Wcn3950 Firmware -
Qualcomm Wcn3980 Firmware -
Qualcomm Wcn3988 Firmware -
Qualcomm Wcn3991 Firmware -
7.2
CVSSv3
CVE-2021-3198
By abusing the 'install rpm url' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0.
Ivanti Mobileiron
7.8
CVSSv3
CVE-2017-9274
A shell command injection in the obs-service-source_validator prior to 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs.
Opensuse Obs-service-source Validator
NA
CVE-2011-2645
Unspecified vulnerability in Kiwi prior to 3.74.2, as used in SUSE Studio 1.1 prior to 1.1.4, allows remote malicious users to execute arbitrary code via a crafted filename for a custom RPM.
Novell Suse Studio Onsite 1.1
Marcus Schafer Kiwi
NA
CVE-2000-0722
Helix GNOME Updater helix-update 0.5 and previous versions allows local users to install arbitrary RPM packages by creating the /tmp/helix-install installation directory before root has begun installing packages.
Helix Code Gnome Updater 0.4
Helix Code Gnome Updater 0.3
Helix Code Gnome Updater 0.1
Helix Code Gnome Updater 0.2
Helix Code Gnome Updater 0.5
7.2
CVSSv3
CVE-2021-3540
By abusing the 'install rpm info detail' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0.
Ivanti Mobileiron
NA
CVE-2003-1034
The RPM installation of SAP DB 7.x creates the (1) dbmsrv or (2) lserver programs with world-writable permissions, which allows local users to gain privileges by modifying those programs.
NA
CVE-2003-0546
up2date 3.0.7 and 3.1.23 does not properly verify RPM GPG signatures, which could allow remote malicious users to cause unsigned packages to be installed from the Red Hat Network, if that network is compromised.
Redhat Up2date 3.0.7-1
Redhat Up2date 3.1.23-1
NA
CVE-2004-0258
Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote malicious users to execute arbitrary code via malformed (1) .RP, (2) .RT, (3) .RAM, (4) .RPM or (5) .SMIL files.
Realnetworks Realone Player 6.0.11.830
Realnetworks Realone Player 6.0.11.841
Realnetworks Realone Player 1.0
Realnetworks Realone Player 2.0
Realnetworks Realplayer 10.0 Beta
Realnetworks Realplayer 8.0
Realnetworks Realone Desktop Manager
Realnetworks Realone Enterprise Desktop 6.0.11.774
Realnetworks Realone Player 6.0.11.853
Realnetworks Realone Player 6.0.11.868
Realnetworks Realone Player 6.0.11.818
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »