Known Vulnerabilities for products from Rpm
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Rpm".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-35939 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.7 - MEDIUM | 2022-08-26 | 2023-02-04 |
| CVE-2021-35938 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.7 - MEDIUM | 2022-08-25 | 2022-11-29 |
| CVE-2021-35937 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.4 - MEDIUM | 2022-08-25 | 2023-11-07 |
| CVE-2021-20271 | A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can con... | 7 - HIGH | 2021-03-26 | 2023-02-12 |
| CVE-2021-20266 | A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an ou... | 4.9 - MEDIUM | 2021-04-30 | 2023-11-07 |
| CVE-2021-3521 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 4.7 - MEDIUM | 2022-08-22 | 2023-02-12 |
| CVE-2021-3445 | A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. This flaw allows an attacker to ... | 7.5 - HIGH | 2021-05-19 | 2023-11-07 |
| CVE-2021-3421 | A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to inst... | 5.5 - MEDIUM | 2021-05-19 | 2023-11-07 |
| CVE-2019-3817 | A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. An attacker, wh... | 8.8 - HIGH | 2019-03-27 | 2019-10-09 |
| CVE-2018-10897 | A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repo... | 8.1 - HIGH | 2018-08-01 | 2023-02-13 |
| CVE-2017-7501 | It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attac... | 7.8 - HIGH | 2017-11-22 | 2023-11-07 |
| CVE-2017-7500 | It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, p... | 7.8 - HIGH | 2018-08-13 | 2019-10-09 |
| CVE-2014-8118 | Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the p... | 10 - HIGH | 2014-12-16 | 2023-02-13 |
| CVE-2013-6435 | Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose insta... | 7.6 - HIGH | 2014-12-16 | 2023-02-13 |
| CVE-2012-6088 | The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 does not return an error code in certain situations invo... | 4.3 - MEDIUM | 2013-01-18 | 2023-02-13 |
| CVE-2012-0815 | The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (cra... | 6.8 - MEDIUM | 2012-06-04 | 2023-11-07 |
| CVE-2012-0061 | The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assis... | 6.8 - MEDIUM | 2012-06-04 | 2023-11-07 |
| CVE-2012-0060 | RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash)... | 6.8 - MEDIUM | 2012-06-04 | 2023-11-07 |
| CVE-2011-3378 | RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) an... | 9.3 - HIGH | 2011-12-24 | 2023-02-13 |
| CVE-2010-2199 | lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file ... | 7.2 - HIGH | 2010-06-08 | 2017-08-17 |