Skip to main content

Rpm

10 CVEs product

Monthly

CVE-2021-3421 MEDIUM PATCH This Month

A flaw was found in the RPM package in the read functionality. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Jwt Attack Rpm Enterprise Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-20266 MEDIUM PATCH This Month

A flaw was found in RPM's hdrblobInit() in lib/header.c. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Rpm Fedora
NVD
CVSS 3.1
4.9
EPSS
1.7%
CVE-2021-20271 HIGH PATCH This Week

A flaw was found in RPM's signature check functionality when reading a package file. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Information Disclosure Rpm Enterprise Linux Fedora Starwind Virtual San
NVD GitHub
CVSS 3.1
7.0
EPSS
0.8%
CVE-2017-7501 HIGH PATCH This Week

It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Privilege Escalation Rpm
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-8118 CRITICAL Act Now

Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.8% and no vendor patch available.

RCE Buffer Overflow Rpm
NVD
CVSS 2.0
10.0
EPSS
11.8%
CVE-2013-6435 HIGH This Week

Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

RCE Rpm Debian Linux
NVD
CVSS 2.0
7.6
EPSS
5.1%
CVE-2012-6088 MEDIUM PATCH This Month

The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 does not return an error code in certain situations involving an "unparseable signature," which allows remote attackers to bypass. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Authentication Bypass Rpm
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2012-0815 MEDIUM PATCH This Month

The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Denial Of Service RCE Rpm
NVD
CVSS 2.0
6.8
EPSS
7.0%
CVE-2012-0061 MEDIUM This Month

The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service RCE Rpm
NVD
CVSS 2.0
6.8
EPSS
4.9%
CVE-2012-0060 MEDIUM This Month

RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service RCE Rpm
NVD
CVSS 2.0
6.8
EPSS
4.9%
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in the RPM package in the read functionality. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Jwt Attack Rpm +2
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

A flaw was found in RPM's hdrblobInit() in lib/header.c. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Rpm +1
NVD
EPSS 1% CVSS 7.0
HIGH PATCH This Week

A flaw was found in RPM's signature check functionality when reading a package file. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Information Disclosure Rpm Enterprise Linux +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Privilege Escalation Rpm
NVD GitHub
EPSS 12% CVSS 10.0
CRITICAL Act Now

Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.8% and no vendor patch available.

RCE Buffer Overflow Rpm
NVD
EPSS 5% CVSS 7.6
HIGH This Week

Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

RCE Rpm Debian Linux
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 does not return an error code in certain situations involving an "unparseable signature," which allows remote attackers to bypass. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Authentication Bypass Rpm
NVD
EPSS 7% CVSS 6.8
MEDIUM PATCH This Month

The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Denial Of Service RCE Rpm
NVD
EPSS 5% CVSS 6.8
MEDIUM This Month

The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service RCE Rpm
NVD
EPSS 5% CVSS 6.8
MEDIUM This Month

RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service RCE Rpm
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy