Vulnerabilities > RPM

| Date | CVE | Vulnerability title | Description | Vector | Complexity | Products / CWE | Severity | Risk |
|---|---|---|---|---|---|---|---|---|
| 2021-05-19 | CVE-2021-3421 | Improper Verification of Cryptographic Signature vulnerability in multiple products | A flaw was found in the RPM package in the read functionality. | | | | | 4.3 |
| 2021-05-19 | CVE-2021-3445 | Improper Verification of Cryptographic Signature vulnerability in multiple products | A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. | network | high | rpm, fedoraproject, redhat; CWE-347 | | 5.1 |
| 2021-04-30 | CVE-2021-20266 | Out-of-bounds Read vulnerability in multiple products | A flaw was found in RPM's hdrblobInit() in lib/header.c. | network | low | rpm, fedoraproject; CWE-125 | | 4.0 |
| 2021-03-26 | CVE-2021-20271 | Insufficient Verification of Data Authenticity vulnerability in multiple products | A flaw was found in RPM's signature check functionality when reading a package file. | network | high | rpm, redhat, fedoraproject; CWE-345 | | 5.1 |
| 2019-03-27 | CVE-2019-3817 | Use After Free vulnerability in RPM Libcomps | A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. | network | | rpm; CWE-416 | | 6.8 |
| 2018-08-13 | CVE-2017-7500 | Link Following vulnerability in RPM 4.13.0.1/4.14.0.0 | It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. | local | low | rpm; CWE-59 | | 7.2 |
| 2018-08-01 | CVE-2018-10897 | Path Traversal vulnerability in multiple products | A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. | network | | rpm, redhat; CWE-22 | critical | 9.3 |
| 2017-11-22 | CVE-2017-7501 | Link Following vulnerability in RPM | It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. | local | low | rpm; CWE-59 | | 4.6 |
| 2014-12-16 | CVE-2014-8118 | Numeric Errors vulnerability in RPM | Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow. | network | low | rpm; CWE-189 | critical | 10.0 |
| 2014-12-16 | CVE-2013-6435 | Injection vulnerability in multiple products | Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory. | network | high | rpm, debian; CWE-74 | | 7.6 |