Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rpm rpm 2.2.11 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2021-3445
A flaw was found in libdnf's signature verification functionality in versions prior to 0.60.1. This flaw allows an malicious user to achieve code execution if they can alter the header information of an RPM package and then trick a user or system into installing it. The high...
Rpm Libdnf
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Redhat Enterprise Linux 8.0
4.7
CVSSv3
CVE-2021-3521
There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature." RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another pa...
Rpm Rpm
NA
CVE-2013-6435
Race condition in RPM 4.11.1 and previous versions allows remote malicious users to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d d...
Rpm Rpm 2.3.5
Rpm Rpm 4.4.2.1
Rpm Rpm 1.4.3
Rpm Rpm 3.0.1
Rpm Rpm 4.1
Rpm Rpm 2.2.3.11
Rpm Rpm 4.8.0
Rpm Rpm 2.4.4
Rpm Rpm 2.3.8
Rpm Rpm 2.0.6
Rpm Rpm 1.4.4
Rpm Rpm 1.4.2\\/a
Rpm Rpm 2.4.1
Rpm Rpm 2.4.9
Rpm Rpm 2.6.7
Rpm Rpm 1.4
Rpm Rpm 2.0.10
Rpm Rpm 2.4.5
Rpm Rpm 4.9.0
Rpm Rpm 4.0.1
Rpm Rpm 4.9.1.2
Rpm Rpm 2.2.11
NA
CVE-2014-8118
Integer overflow in RPM 4.12 and previous versions allows remote malicious users to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow.
Rpm Rpm 2.3.5
Rpm Rpm 4.4.2.1
Rpm Rpm 1.4.3
Rpm Rpm 3.0.1
Rpm Rpm 4.1
Rpm Rpm 2.2.3.11
Rpm Rpm 4.8.0
Rpm Rpm 2.4.4
Rpm Rpm 2.3.8
Rpm Rpm 2.0.6
Rpm Rpm 1.4.4
Rpm Rpm 1.4.2\\/a
Rpm Rpm 2.4.1
Rpm Rpm 2.4.9
Rpm Rpm 2.6.7
Rpm Rpm 1.4
Rpm Rpm 2.0.10
Rpm Rpm 2.4.5
Rpm Rpm 4.9.0
Rpm Rpm 4.0.1
Rpm Rpm 4.9.1.2
Rpm Rpm 2.2.11
NA
CVE-2012-0060
RPM prior to 4.9.1.3 does not properly validate region tags, which allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify...
Rpm Rpm 2.3.5
Rpm Rpm 4.4.2.1
Rpm Rpm 1.4.3
Rpm Rpm 3.0.1
Rpm Rpm 4.1
Rpm Rpm 2.2.3.11
Rpm Rpm 4.8.0
Rpm Rpm 2.4.4
Rpm Rpm 2.3.8
Rpm Rpm 2.0.6
Rpm Rpm 1.4.4
Rpm Rpm 1.4.2\\/a
Rpm Rpm 2.4.1
Rpm Rpm 2.4.9
Rpm Rpm 2.6.7
Rpm Rpm
Rpm Rpm 1.4
Rpm Rpm 2.0.10
Rpm Rpm 2.4.5
Rpm Rpm 4.9.0
Rpm Rpm 4.0.1
Rpm Rpm 2.2.11
NA
CVE-2012-0061
The headerLoad function in lib/header.c in RPM prior to 4.9.1.3 does not properly validate region tags, which allows user-assisted remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via a large region size in a package header.
Rpm Rpm 2.3.5
Rpm Rpm 4.4.2.1
Rpm Rpm 1.4.3
Rpm Rpm 3.0.1
Rpm Rpm 4.1
Rpm Rpm 2.2.3.11
Rpm Rpm 4.8.0
Rpm Rpm 2.4.4
Rpm Rpm 2.3.8
Rpm Rpm 2.0.6
Rpm Rpm 1.4.4
Rpm Rpm 1.4.2\\/a
Rpm Rpm 2.4.1
Rpm Rpm 2.4.9
Rpm Rpm 2.6.7
Rpm Rpm
Rpm Rpm 1.4
Rpm Rpm 2.0.10
Rpm Rpm 2.4.5
Rpm Rpm 4.9.0
Rpm Rpm 4.0.1
Rpm Rpm 2.2.11
NA
CVE-2012-0815
The headerVerifyInfo function in lib/header.c in RPM prior to 4.9.1.3 allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric ran...
Rpm Rpm 2.3.5
Rpm Rpm 4.4.2.1
Rpm Rpm 1.4.3
Rpm Rpm 3.0.1
Rpm Rpm 4.1
Rpm Rpm 2.2.3.11
Rpm Rpm 4.8.0
Rpm Rpm 2.4.4
Rpm Rpm 2.3.8
Rpm Rpm 2.0.6
Rpm Rpm 1.4.4
Rpm Rpm 1.4.2\\/a
Rpm Rpm 2.4.1
Rpm Rpm 2.4.9
Rpm Rpm 2.6.7
Rpm Rpm
Rpm Rpm 1.4
Rpm Rpm 2.0.10
Rpm Rpm 2.4.5
Rpm Rpm 4.9.0
Rpm Rpm 4.0.1
Rpm Rpm 2.2.11
NA
CVE-2010-2197
rpmbuild in RPM 4.8.0 and previous versions does not properly parse the syntax of spec files, which allows user-assisted remote malicious users to remove home directories via vectors involving a ;~ (semicolon tilde) sequence in a Name tag.
Rpm Rpm 1.4.2
Rpm Rpm 1.3.1
Rpm Rpm 1.2
Rpm Rpm 2.0
Rpm Rpm 1.4.3
Rpm Rpm 1.4.4
Rpm Rpm 2.0.1
Rpm Rpm 2.0.2
Rpm Rpm 2.0.9
Rpm Rpm 2.0.10
Rpm Rpm 2.2.7
Rpm Rpm 2.2.8
Rpm Rpm 2.2
Rpm Rpm 2.3
Rpm Rpm 2.3.7
Rpm Rpm 2.3.8
Rpm Rpm 2.4.4
Rpm Rpm 2.4.5
Rpm Rpm 2.5.1
Rpm Rpm 2.5.2
Rpm Rpm 3.0.2
Rpm Rpm 3.0.3
NA
CVE-2010-2198
lib/fsm.c in RPM 4.8.0 and previous versions does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to gain privileges or bypass intended ...
Rpm Rpm 2.3.5
Rpm Rpm 4.4.2.1
Rpm Rpm 1.4.3
Rpm Rpm 3.0.1
Rpm Rpm 4.1
Rpm Rpm 2.2.3.11
Rpm Rpm 2.4.4
Rpm Rpm 2.3.8
Rpm Rpm 2.0.6
Rpm Rpm 1.4.4
Rpm Rpm 4.4.2
Rpm Rpm 1.4.2\\/a
Rpm Rpm 2.4.1
Rpm Rpm 2.4.9
Rpm Rpm 2.6.7
Rpm Rpm 2..4.10
Rpm Rpm 1.4
Rpm Rpm 2.0.10
Rpm Rpm 2.4.5
Rpm Rpm 4.0.1
Rpm Rpm 2.2.11
Rpm Rpm 4.0.4
NA
CVE-2010-2199
lib/fsm.c in RPM 4.8.0 and previous versions does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to bypass intended access restrictions...
Rpm Rpm 1.4.3
Rpm Rpm 1.4.4
Rpm Rpm 2.0
Rpm Rpm 2.0.1
Rpm Rpm 1.4.5
Rpm Rpm 1.4.6
Rpm Rpm 2.0.2
Rpm Rpm 2.0.3
Rpm Rpm 2.2.1
Rpm Rpm 2.2.2
Rpm Rpm 2.2.9
Rpm Rpm 2.2.11
Rpm Rpm 2.3
Rpm Rpm 2.3.1
Rpm Rpm 2.3.9
Rpm Rpm 2.2.3.10
Rpm Rpm 2.4.6
Rpm Rpm 2.6.7
Rpm Rpm 2.5.2
Rpm Rpm 2.5.3
Rpm Rpm 3.0.4
Rpm Rpm 3.0.5
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »