ReportizFlow
Filtered by vendor Rpm
Subscriptions
Total
25 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-20271 | 4 Fedoraproject, Redhat, Rpm and 1 more | 9 Fedora, Enterprise Linux, Rhel Aus and 6 more | 2024-11-21 | 7.0 High |
| A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability. | ||||
| CVE-2021-20266 | 3 Fedoraproject, Redhat, Rpm | 3 Fedora, Enterprise Linux, Rpm | 2024-11-21 | 4.9 Medium |
| A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2019-3817 | 2 Redhat, Rpm | 3 Enterprise Linux, Rhel Extras Other, Libcomps | 2024-11-21 | N/A |
| A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. An attacker, who is able to make an application read a crafted comps XML file, may be able to crash the application or execute malicious code. | ||||
| CVE-2018-10897 | 2 Redhat, Rpm | 6 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server and 3 more | 2024-11-21 | 8.1 High |
| A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Version 1.1.31 and older are believed to be affected. | ||||
| CVE-2017-7500 | 1 Rpm | 1 Rpm | 2024-11-21 | N/A |
| It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege. | ||||