Lucene search
RedhatCVELIST:CVE-2021-35938HistoryAug 25, 2022 - 12:00 a.m.
CVE-2021-35938
2022-08-2500:00:00
CWE-59
redhat
www.cve.org
1
A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CNA Affected
[
{
"vendor": "n/a",
"product": "RPM",
"versions": [
{
"version": "Fixed in rpm v4.18.0",
"status": "affected"
}
]
}
]References
access.redhat.com/security/cve/CVE-2021-35938
bugzilla.redhat.com/show_bug.cgi?id=1964114
bugzilla.suse.com/show_bug.cgi?id=1157880
github.com/rpm-software-management/rpm/commit/25a435e90844ea98fe5eb7bef22c1aecf3a9c033
github.com/rpm-software-management/rpm/pull/1919
rpm.org/wiki/Releases/4.18.0
security.gentoo.org/glsa/202210-22
Related
osv
osv
CVE-2021-35938
2022-08-25 20:15:09
Moderate: rpm security update
2024-02-12 20:17:16
Moderate: rpm security update
2024-02-01 00:00:00
cbl_mariner
cbl_mariner
CVE-2021-35938 affecting package rpm for versions less than 4.18.0-1
2022-10-05 23:33:44
CVE-2021-35938 affecting package rpm 4.14.2-15
2024-06-11 15:33:54
debiancve
debiancve
CVE-2021-35938
2022-08-25 20:15:09
prion
prion
Design/Logic Flaw
2022-08-25 20:15:00
alpinelinux
alpinelinux
CVE-2021-35938
2022-08-25 20:15:09
ubuntucve
ubuntucve
CVE-2021-35938
2022-08-25 00:00:00
veracode
veracode
Privilege Escalation
2022-10-01 00:52:27
nvd
nvd
CVE-2021-35938
2022-08-25 20:15:09
cve
cve
CVE-2021-35938
2022-08-25 20:15:09
redhatcve
redhatcve
CVE-2021-35938
2021-07-01 17:23:07
redhat
redhat
(RHSA-2024:0424) Moderate: rpm security update
2024-01-24 14:40:29
(RHSA-2024:0582) Moderate: rpm security update
2024-01-30 12:53:23
(RHSA-2024:0463) Moderate: rpm security update
2024-01-24 14:41:02
almalinux
almalinux
Moderate: rpm security update
2024-02-01 00:00:00
Moderate: rpm security update
2024-01-25 00:00:00
freebsd
freebsd
rpm4 -- Multiple Vulnerabilities
2022-08-22 00:00:00
nessus
nessus
RHEL 8 : rpm (RHSA-2024:0647)
2024-02-01 00:00:00
RHEL 9 : rpm (RHSA-2024:0435)
2024-01-25 00:00:00
RHEL 8 : rpm (RHSA-2024:0582)
2024-01-30 00:00:00
oraclelinux
oraclelinux
rpm security update
2024-01-25 00:00:00
rpm security update
2024-02-02 00:00:00
rocky
rocky
rpm security update
2024-02-12 20:17:16
gentoo
gentoo
RPM: Multiple Vulnerabilities
2022-10-31 00:00:00
redos
redos
ROS-20240410-21
2024-04-10 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for rpm (EulerOS-SA-2023-1202)
2023-01-12 00:00:00
Huawei EulerOS: Security Advisory for rpm (EulerOS-SA-2022-2829)
2022-12-22 00:00:00
Huawei EulerOS: Security Advisory for rpm (EulerOS-SA-2023-1153)
2023-01-12 00:00:00
ibm
ibm
Security Bulletin: App Connect Enterprise Certified Container UBI updates
2024-03-07 14:53:54
Security Bulletin: IBM Observability with Instana (OnPrem) is affected by Multiple Security Vulnerabilities
2024-05-30 11:23:32
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
2024-04-11 18:19:49