Vulnerabilities > RPM

DATE CVE VULNERABILITY TITLE RISK
2018-08-01 CVE-2018-10897 Link Following vulnerability in multiple products
A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files.
network
high complexity
rpm redhat CWE-59
8.1
2017-11-22 CVE-2017-7501 Link Following vulnerability in RPM
It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM.
local
low complexity
rpm CWE-59
7.8
2010-06-08 CVE-2010-2199 Permissions, Privileges, and Access Controls vulnerability in RPM
lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to bypass intended access restrictions by creating a hard link to a vulnerable file that has a POSIX ACL, a related issue to CVE-2010-2059.
local
low complexity
rpm CWE-264
7.2
2010-06-08 CVE-2010-2197 Permissions, Privileges, and Access Controls vulnerability in RPM
rpmbuild in RPM 4.8.0 and earlier does not properly parse the syntax of spec files, which allows user-assisted remote attackers to remove home directories via vectors involving a ;~ (semicolon tilde) sequence in a Name tag.
network
rpm CWE-264
5.8
2010-06-08 CVE-2005-4889 Permissions, Privileges, and Access Controls vulnerability in RPM
lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file, a related issue to CVE-2010-2059.
local
low complexity
rpm CWE-264
7.2
2006-11-06 CVE-2006-5466 Heap-based buffer overflow in the showQueryPackage function in librpm in RPM Package Manager 4.4.8, when the LANG environment variable is set to ru_RU.UTF-8, might allow user-assisted attackers to execute arbitrary code via crafted RPM packages.
network
high complexity
rpm ubuntu
5.4