Vulnerabilities > RPM > RPM > 4.0.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-08-26 | CVE-2021-35939 | Link Following vulnerability in multiple products It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. | 6.7 |
2022-08-25 | CVE-2021-35937 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products A race condition vulnerability was found in rpm. | 6.4 |
2022-08-25 | CVE-2021-35938 | Link Following vulnerability in multiple products A symbolic link issue was found in rpm. | 6.7 |
2022-08-22 | CVE-2021-3521 | Improper Verification of Cryptographic Signature vulnerability in RPM There is a flaw in RPM's signature functionality. | 4.7 |
2021-05-19 | CVE-2021-3421 | Improper Verification of Cryptographic Signature vulnerability in multiple products A flaw was found in the RPM package in the read functionality. | 5.5 |
2021-04-30 | CVE-2021-20266 | Out-of-bounds Read vulnerability in multiple products A flaw was found in RPM's hdrblobInit() in lib/header.c. | 4.9 |
2017-11-22 | CVE-2017-7501 | Link Following vulnerability in RPM It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. | 7.8 |
2010-06-08 | CVE-2010-2199 | Permissions, Privileges, and Access Controls vulnerability in RPM lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to bypass intended access restrictions by creating a hard link to a vulnerable file that has a POSIX ACL, a related issue to CVE-2010-2059. | 7.2 |
2010-06-08 | CVE-2010-2197 | Permissions, Privileges, and Access Controls vulnerability in RPM rpmbuild in RPM 4.8.0 and earlier does not properly parse the syntax of spec files, which allows user-assisted remote attackers to remove home directories via vectors involving a ;~ (semicolon tilde) sequence in a Name tag. | 5.8 |
2010-06-08 | CVE-2005-4889 | Permissions, Privileges, and Access Controls vulnerability in RPM lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file, a related issue to CVE-2010-2059. | 7.2 |