Vulnerabilities > RPM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-19 | CVE-2021-3445 | Improper Verification of Cryptographic Signature vulnerability in multiple products A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. | 7.5 |
| 2021-03-26 | CVE-2021-20271 | Insufficient Verification of Data Authenticity vulnerability in multiple products A flaw was found in RPM's signature check functionality when reading a package file. | 7.0 |
| 2018-08-13 | CVE-2017-7500 | Link Following vulnerability in RPM 4.13.0.1/4.14.0.0 It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. | 7.2 |
| 2018-08-01 | CVE-2018-10897 | Link Following vulnerability in multiple products A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. | 8.1 |
| 2017-11-22 | CVE-2017-7501 | Link Following vulnerability in RPM It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. | 7.8 |
| 2010-06-08 | CVE-2010-2199 | Permissions, Privileges, and Access Controls vulnerability in RPM lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to bypass intended access restrictions by creating a hard link to a vulnerable file that has a POSIX ACL, a related issue to CVE-2010-2059. | 7.2 |
| 2010-06-08 | CVE-2005-4889 | Permissions, Privileges, and Access Controls vulnerability in RPM lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file, a related issue to CVE-2010-2059. | 7.2 |