Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2012-0060
HistoryJun 04, 2012 - 8:55 p.m.

CVE-2012-0060

2012-06-0420:55:01
CWE-20
[email protected]
web.nvd.nist.gov
7

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

9.4

Confidence

High

EPSS

0.046

Percentile

92.5%

JSON

RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function.

Affected configurations

Nvd
Node
rpmrpmRange4.9.1.2
OR
rpmrpmMatch1.2
OR
rpmrpmMatch1.3
OR
rpmrpmMatch1.3.1
OR
rpmrpmMatch1.4
OR
rpmrpmMatch1.4.1
OR
rpmrpmMatch1.4.2
OR
rpmrpmMatch1.4.2\/a
OR
rpmrpmMatch1.4.3
OR
rpmrpmMatch1.4.4
OR
rpmrpmMatch1.4.5
OR
rpmrpmMatch1.4.6
OR
rpmrpmMatch1.4.7
OR
rpmrpmMatch2.0
OR
rpmrpmMatch2.0.1
OR
rpmrpmMatch2.0.2
OR
rpmrpmMatch2.0.3
OR
rpmrpmMatch2.0.4
OR
rpmrpmMatch2.0.5
OR
rpmrpmMatch2.0.6
OR
rpmrpmMatch2.0.7
OR
rpmrpmMatch2.0.8
OR
rpmrpmMatch2.0.9
OR
rpmrpmMatch2.0.10
OR
rpmrpmMatch2.0.11
OR
rpmrpmMatch2.1
OR
rpmrpmMatch2.1.1
OR
rpmrpmMatch2.1.2
OR
rpmrpmMatch2.2
OR
rpmrpmMatch2.2.1
OR
rpmrpmMatch2.2.2
OR
rpmrpmMatch2.2.3
OR
rpmrpmMatch2.2.3.10
OR
rpmrpmMatch2.2.3.11
OR
rpmrpmMatch2.2.4
OR
rpmrpmMatch2.2.5
OR
rpmrpmMatch2.2.6
OR
rpmrpmMatch2.2.7
OR
rpmrpmMatch2.2.8
OR
rpmrpmMatch2.2.9
OR
rpmrpmMatch2.2.10
OR
rpmrpmMatch2.2.11
OR
rpmrpmMatch2.3
OR
rpmrpmMatch2.3.1
OR
rpmrpmMatch2.3.2
OR
rpmrpmMatch2.3.3
OR
rpmrpmMatch2.3.4
OR
rpmrpmMatch2.3.5
OR
rpmrpmMatch2.3.6
OR
rpmrpmMatch2.3.7
OR
rpmrpmMatch2.3.8
OR
rpmrpmMatch2.3.9
OR
rpmrpmMatch2.4.1
OR
rpmrpmMatch2.4.2
OR
rpmrpmMatch2.4.3
OR
rpmrpmMatch2.4.4
OR
rpmrpmMatch2.4.5
OR
rpmrpmMatch2.4.6
OR
rpmrpmMatch2.4.8
OR
rpmrpmMatch2.4.9
OR
rpmrpmMatch2.4.11
OR
rpmrpmMatch2.4.12
OR
rpmrpmMatch2.5
OR
rpmrpmMatch2.5.1
OR
rpmrpmMatch2.5.2
OR
rpmrpmMatch2.5.3
OR
rpmrpmMatch2.5.4
OR
rpmrpmMatch2.5.5
OR
rpmrpmMatch2.5.6
OR
rpmrpmMatch2.6.7
OR
rpmrpmMatch3.0
OR
rpmrpmMatch3.0.1
OR
rpmrpmMatch3.0.2
OR
rpmrpmMatch3.0.3
OR
rpmrpmMatch3.0.4
OR
rpmrpmMatch3.0.5
OR
rpmrpmMatch3.0.6
OR
rpmrpmMatch4.0.
OR
rpmrpmMatch4.0.1
OR
rpmrpmMatch4.0.2
OR
rpmrpmMatch4.0.3
OR
rpmrpmMatch4.0.4
OR
rpmrpmMatch4.1
OR
rpmrpmMatch4.3.3
OR
rpmrpmMatch4.4.2.1
OR
rpmrpmMatch4.4.2.2
OR
rpmrpmMatch4.4.2.3
OR
rpmrpmMatch4.5.90
OR
rpmrpmMatch4.6.0
OR
rpmrpmMatch4.6.0rc1
OR
rpmrpmMatch4.6.0rc2
OR
rpmrpmMatch4.6.0rc3
OR
rpmrpmMatch4.6.0rc4
OR
rpmrpmMatch4.6.1
OR
rpmrpmMatch4.7.0
OR
rpmrpmMatch4.7.1
OR
rpmrpmMatch4.7.2
OR
rpmrpmMatch4.8.0
OR
rpmrpmMatch4.8.1
OR
rpmrpmMatch4.9.0
OR
rpmrpmMatch4.9.0alpha
OR
rpmrpmMatch4.9.0beta1
OR
rpmrpmMatch4.9.0rc1
OR
rpmrpmMatch4.9.1
OR
rpmrpmMatch4.9.1.1
VendorProductVersionCPE
rpmrpm*cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:*
rpmrpm1.2cpe:2.3:a:rpm:rpm:1.2:*:*:*:*:*:*:*
rpmrpm1.3cpe:2.3:a:rpm:rpm:1.3:*:*:*:*:*:*:*
rpmrpm1.3.1cpe:2.3:a:rpm:rpm:1.3.1:*:*:*:*:*:*:*
rpmrpm1.4cpe:2.3:a:rpm:rpm:1.4:*:*:*:*:*:*:*
rpmrpm1.4.1cpe:2.3:a:rpm:rpm:1.4.1:*:*:*:*:*:*:*
rpmrpm1.4.2cpe:2.3:a:rpm:rpm:1.4.2:*:*:*:*:*:*:*
rpmrpm1.4.2/acpe:2.3:a:rpm:rpm:1.4.2\/a:*:*:*:*:*:*:*
rpmrpm1.4.3cpe:2.3:a:rpm:rpm:1.4.3:*:*:*:*:*:*:*
rpmrpm1.4.4cpe:2.3:a:rpm:rpm:1.4.4:*:*:*:*:*:*:*
Rows per page:
1-10 of 1051

References

Related

veracode 1
ubuntucve 1
cve 1
debiancve 1
prion 1
cvelist 1
redhat 2
nessus 23
openvas 25
fedora 3
amazon 1
centos 1
oraclelinux 1
ubuntu 1
debian 1
osv 1
gentoo 1
vmware 2
veracode
veracode
Arbitrary Code Execution
2020-04-10 01:10:31
ubuntucve
ubuntucve
CVE-2012-0060
2012-04-03 00:00:00
cve
cve
CVE-2012-0060
2012-06-04 20:55:01
debiancve
debiancve
CVE-2012-0060
2012-06-04 20:55:01
prion
prion
Design/Logic Flaw
2012-06-04 20:55:00
cvelist
cvelist
CVE-2012-0060
2012-06-04 20:00:00
redhat
redhat
(RHSA-2012:0451) Important: rpm security update
2012-04-03 00:00:00
(RHSA-2012:0531) Important: rhev-hypervisor6 security and bug fix update
2012-04-30 00:00:00
nessus
nessus
Scientific Linux Security Update : rpm on SL5.x, SL6.x i386/x86_64 (20120403)
2012-08-01 00:00:00
Mandriva Linux Security Advisory : rpm (MDVSA-2012:056)
2012-04-12 00:00:00
Fedora 17 : rpm-4.9.1.3-1.fc17 (2012-5298)
2012-04-12 00:00:00
openvas
openvas
RedHat Update for rpm RHSA-2012:0451-01
2012-04-05 00:00:00
CentOS Update for popt CESA-2012:0451 centos5
2012-07-30 00:00:00
Amazon Linux: Security Advisory (ALAS-2012-61)
2015-09-08 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: rpm-4.9.1.3-1.fc17
2012-04-12 03:27:10
[SECURITY] Fedora 16 Update: rpm-4.9.1.3-1.fc16
2012-04-22 03:42:55
[SECURITY] Fedora 15 Update: rpm-4.9.1.3-1.fc15
2012-04-22 03:24:37
amazon
amazon
Important: rpm
2012-04-05 12:49:00
centos
centos
popt, rpm security update
2012-04-03 17:07:58
oraclelinux
oraclelinux
rpm security update
2012-04-03 00:00:00
ubuntu
ubuntu
RPM vulnerabilities
2013-01-17 00:00:00
debian
debian
[SECURITY] [DLA 140-1] rpm security update
2015-01-28 18:07:09
osv
osv
rpm - security update
2015-01-28 00:00:00
gentoo
gentoo
RPM: Multiple vulnerabilities
2012-06-24 00:00:00
vmware
vmware
VMware vSphere and vCOps updates to third party libraries
2012-08-30 00:00:00
VMware vSphere and vCOps updates to third party libraries
2012-08-30 00:00:00

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

9.4

Confidence

High

EPSS

0.046

Percentile

92.5%

JSON
Related for NVD:CVE-2012-0060
veracode1ubuntucve1cve1debiancve1prion1cvelist1redhat2nessus23openvas25fedora3amazon1centos1oraclelinux1ubuntu1debian1osv1gentoo1vmware2