pkg:Debian/rpm

26 CVEs in total: HIGH 4, MEDIUM 6

✅ Check your version

All known vulnerabilities

  • HIGH 7.8 CVE-2017-7500: It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changi…
    from 0
  • HIGH 7.8 CVE-2017-7501: It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM.
    from 0
  • HIGH 7.0 CVE-2026-44604: A command injection vulnerability was discovered in the `rpmuncompress` utility of RPM.
    from 0
  • HIGH 7.0 CVE-2021-20271: A flaw was found in RPM's signature check functionality when reading a package file.
    from 0, < 4.16.1.2+dfsg1-1
  • MEDIUM 6.7 CVE-2021-35939: It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of th…
    from 0
  • MEDIUM 6.7 CVE-2021-35938: A symbolic link issue was found in rpm.
    from 0
  • MEDIUM 6.4 CVE-2021-35937: A race condition vulnerability was found in rpm.
    from 0
  • MEDIUM 5.5 CVE-2021-3421: A flaw was found in the RPM package in the read functionality.
    from 0, < 4.16.1.2+dfsg1-1
  • MEDIUM 4.9 CVE-2021-20266: A flaw was found in RPM's hdrblobInit() in lib/header.c.
    from 0, < 4.16.1.2+dfsg1-1
  • MEDIUM 4.7 CVE-2021-3521: There is a flaw in RPM's signature functionality.
    from 0
  • CVE-2014-8118: Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section…
    from 0, < 4.11.3-1.1
  • CVE-2013-6435: rpm - security update
    from 0, < 4.10.0-5+deb7u2
  • CVE-2013-6435: rpm - security update
    from 0, < 4.11.3-1.1
  • CVE-2012-6088: The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 does not return an error code in certain situations involving an "unpa…
    from 0, < 4.10.1-2.1
  • CVE-2012-0815: The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possib…
    from 0, < 4.9.1.3-1
  • CVE-2012-0061: The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted remote att…
    from 0, < 4.9.1.3-1
  • CVE-2012-0060: rpm - security update
    from 0, < 4.8.1-6+squeeze2
  • CVE-2012-0060: rpm - security update
    from 0, < 4.9.1.3-1
  • CVE-2011-3378: RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly exe…
    from 0, < 4.9.1.2-1
  • CVE-2010-2199: lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM pack…
    from 0
  • CVE-2010-2198: lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM pack…
    from 0
  • CVE-2010-2197: rpmbuild in RPM 4.8.0 and earlier does not properly parse the syntax of spec files, which allows user-assisted remote attackers to remove h…
    from 0, < 4.8.1-1
  • CVE-2010-2059: lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executabl…
    from 0, < 4.8.1-1
  • CVE-2005-4889: lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package remo…
    from 0, < 4.7.0-1
  • CVE-2006-5466: Heap-based buffer overflow in the showQueryPackage function in librpm in RPM Package Manager 4.4.8, when the LANG environment variable is s…
    from 0, < 4.4.1-11
  • CVE-2005-2096: zlib - buffer overflow
    from 0, < 4.0.4-31.1