Vulnerabilities > RPM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-26 | CVE-2021-35939 | Link Following vulnerability in multiple products It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. | 6.7 |
| 2022-08-25 | CVE-2021-35937 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products A race condition vulnerability was found in rpm. | 6.4 |
| 2022-08-25 | CVE-2021-35938 | Link Following vulnerability in multiple products A symbolic link issue was found in rpm. | 6.7 |
| 2022-08-22 | CVE-2021-3521 | Improper Verification of Cryptographic Signature vulnerability in RPM There is a flaw in RPM's signature functionality. | 4.7 |
| 2021-05-19 | CVE-2021-3421 | Improper Verification of Cryptographic Signature vulnerability in multiple products A flaw was found in the RPM package in the read functionality. | 5.5 |
| 2021-05-19 | CVE-2021-3445 | Improper Verification of Cryptographic Signature vulnerability in multiple products A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. | 7.5 |
| 2021-04-30 | CVE-2021-20266 | Out-of-bounds Read vulnerability in multiple products A flaw was found in RPM's hdrblobInit() in lib/header.c. | 4.9 |
| 2021-03-26 | CVE-2021-20271 | Insufficient Verification of Data Authenticity vulnerability in multiple products A flaw was found in RPM's signature check functionality when reading a package file. | 7.0 |
| 2019-03-27 | CVE-2019-3817 | Use After Free vulnerability in RPM Libcomps A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. | 8.8 |
| 2018-08-13 | CVE-2017-7500 | Link Following vulnerability in RPM 4.13.0.1/4.14.0.0 It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. | 7.8 |