Known Vulnerabilities for products from Rpm
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Rpm".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search, so that the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-35939 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.7 - MEDIUM | 2022-08-26 | 2023-02-04 |
| CVE-2021-35938 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.7 - MEDIUM | 2022-08-25 | 2022-11-29 |
| CVE-2021-35937 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.4 - MEDIUM | 2022-08-25 | 2023-11-07 |
| CVE-2021-20271 | A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can con... | 7 - HIGH | 2021-03-26 | 2023-02-12 |
| CVE-2021-20266 | A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an ou... | 4.9 - MEDIUM | 2021-04-30 | 2023-11-07 |
| CVE-2021-3521 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 4.7 - MEDIUM | 2022-08-22 | 2023-02-12 |
| CVE-2021-3445 | A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. This flaw allows an attacker to ... | 7.5 - HIGH | 2021-05-19 | 2023-11-07 |
| CVE-2021-3421 | A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to inst... | 5.5 - MEDIUM | 2021-05-19 | 2023-11-07 |
| CVE-2019-3817 | A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. An attacker, wh... | 8.8 - HIGH | 2019-03-27 | 2019-10-09 |
| CVE-2018-10897 | A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repo... | 8.1 - HIGH | 2018-08-01 | 2023-02-13 |
| CVE-2017-7501 | It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attac... | 7.8 - HIGH | 2017-11-22 | 2023-11-07 |
| CVE-2017-7500 | It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, p... | 7.8 - HIGH | 2018-08-13 | 2019-10-09 |
| CVE-2014-8118 | Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the p... | 10 - HIGH | 2014-12-16 | 2023-02-13 |
| CVE-2013-6435 | Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose insta... | 7.6 - HIGH | 2014-12-16 | 2023-02-13 |
| CVE-2012-6088 | The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 does not return an error code in certain situations invo... | 4.3 - MEDIUM | 2013-01-18 | 2023-02-13 |
| CVE-2012-0815 | The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (cra... | 6.8 - MEDIUM | 2012-06-04 | 2023-11-07 |
| CVE-2012-0061 | The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assis... | 6.8 - MEDIUM | 2012-06-04 | 2023-11-07 |
| CVE-2012-0060 | RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash)... | 6.8 - MEDIUM | 2012-06-04 | 2023-11-07 |
| CVE-2011-3378 | RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) an... | 9.3 - HIGH | 2011-12-24 | 2023-02-13 |
| CVE-2010-2199 | lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file ... | 7.2 - HIGH | 2010-06-08 | 2017-08-17 |