Lucene search
K

12 matches found

RedhatCVE
RedhatCVE
added 2026/05/28 5:59 a.m.11 views

CVE-2026-44604

A command injection vulnerability was discovered in the rpmuncompress utility of RPM. When extracting certain archive formats ZIP, 7z, GEM to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially...

7CVSS6AI score0.00547EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/03/11 4:54 a.m.5 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.20.16 bug fix and security update

Red Hat OpenShift Container Platform release 4.20.16 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.20. Red Hat Product Security has rated this update as having a...

10CVSS7AI score0.01945EPSS
Exploits3References8
RedHat Linux
RedHat Linux
added 2024/01/30 1:30 p.m.2 views

rpm: races with chown/chmod/capabilities calls during installation

A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system...

6.7CVSS7.1AI score0.00491EPSS
Exploits1References5
Gentoo Linux
Gentoo Linux
added 2022/10/31 12:0 a.m.47 views

RPM: Multiple Vulnerabilities

Background The Red Hat Package Manager RPM is a command line driven package management system capable of installing, uninstalling, verifying, querying, and updating computer software packages. Description Multiple vulnerabilities have been discovered in RPM. Please review the CVE identifiers...

6.7CVSS2.5AI score0.00491EPSS
Exploits3
OSV
OSV
added 2022/08/25 8:15 p.m.9 views

AZL-10723 CVE-2021-35938 affecting package rpm for versions less than 4.18.0-1

A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system...

6.7CVSS6.7AI score0.00491EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2021/06/29 4:45 p.m.4 views

rpm: Signature checks bypass via corrupted rpm package

A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from th...

7CVSS7.4AI score0.00827EPSS
Exploits0References4
Gentoo Linux
Gentoo Linux
added 2018/11/28 12:0 a.m.97 views

RPM: Multiple vulnerabilities

Background The Red Hat Package Manager RPM is a command line driven package management system capable of installing, uninstalling, verifying, querying, and updating computer software packages. Description Multiple vulnerabilities have been discovered in RPM. Please review the CVE identifiers...

10CVSS8.4AI score0.07669EPSS
Exploits0
CNVD
CNVD
added 2017/11/27 12:0 a.m.3 views

Red Hat RPM Elevation of Privilege Vulnerability

Red Hat RPM RPM Package Manager is a command-line driven package manager from Red Hat, Inc. that is used to install, uninstall, verify, query, and upgrade computer packages. A security vulnerability exists in Red Hat RPM versions prior to 4.13.0.2, which stems from a predictable temporary filenam...

7.8CVSS7.1AI score0.00392EPSS
Exploits0References1
OSV
OSV
added 2014/12/16 12:0 a.m.5 views

UBUNTU-CVE-2014-8118

Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow...

10CVSS8AI score0.07611EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2014/08/05 3:34 a.m.5 views

yum: yum-cron installs unsigned packages

It was discovered that yum-updatesd did not properly perform RPM package signature checks. When yum-updatesd was configured to automatically install updates, a remote attacker could use this flaw to install a malicious update on the target system using an unsigned RPM or an RPM signed with an...

5CVSS5.9AI score0.0241EPSS
Exploits0References4
OSV
OSV
added 2013/01/18 11:48 a.m.3 views

DEBIAN-CVE-2012-6088

The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 does not return an error code in certain situations involving an "unparseable signature," which allows remote attackers to bypass RPM signature checks via a crafted package...

4.3CVSS7.1AI score0.02255EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 1970/01/01 12:0 a.m.4 views

PT-2011-5224 · Popt +3 · Popt +3

Name of the Vulnerable Software and Affected Versions: RPM versions 4.4.x through 4.9.x rpm package affected versions not specified rpm-devel affected versions not specified rpm-devel-32bit affected versions not specified rpm-devel-64bit affected versions not specified rpm-32bit affected versions...

10CVSS7.8AI score0.07669EPSS
Exploits4References69
Rows per page
Query Builder