11 matches found
CVE-2026-2625
The CVE-2026-2625 flaw affects rust-rpm-sequoia. A crafted RPM file can trigger an error in the OpenPGP signature parsing code during verification, causing the rpm process to terminate unconditionally and leading to an application‑level DoS (unavailability to process RPMs for signature verificati...
Linux Distros Unpatched Vulnerability : CVE-2026-2625
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in rust-rpm-sequoia. An attacker can exploit this vulnerability by providing a specially crafted Red Hat Package Manager RPM file. During the R...
Arbitrary Code Execution
rpm is vulnerable to arbitrary code execution. The vulnerability exists as multiple flaws were found in the way the RPM library parsed package headers. An attacker could create a specially-crafted RPM package that, when queried or installed, would cause rpm to crash or, potentially, execute...
F5 Networks BIG-IP : Linux RPM vulnerability (SOL16383)
Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory C Tenable Network...
Debian DLA-140-1 : rpm security update
Several vulnerabilities have been fixed in rpm : CVE-2014-8118 Fix integer overflow which allowed remote attackers to execute arbitrary code. CVE-2013-6435 Prevent remote attackers from executing arbitrary code via crafted RPM files. CVE-2012-0815 Fix denial of service and possible code execution...
CVE-2013-6435
Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory...
CVE-2013-6435
Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory...
USN-1694-1: RPM vulnerability
It was discovered that RPM incorrectly handled signature checking. An attacker could create a specially-crafted rpm with an invalid signature which could pass the signature validation check...
F-Secure Product(s) Integer Overflow Vulnerability (Linux)
This host is installed with F-Secure Products and is prone to Integer Overflow vulnerability. OpenVAS Vulnerability Test $Id: gbfsecureprdtsintoverflowvulnlin.nasl 6516 2017-07-04 12:20:47Z cfischer $ F-Secure Products Integer Overflow Vulnerability Linux Authors: Sharath S Copyright: Copyright c...
CVE-2006-5466
Heap-based buffer overflow in the showQueryPackage function in librpm in RPM Package Manager 4.4.8, when the LANG environment variable is set to ruRU.UTF-8, might allow user-assisted attackers to execute arbitrary code via crafted RPM packages...
CVE-2006-5466
Heap-based buffer overflow in the showQueryPackage function in librpm in RPM Package Manager 4.4.8, when the LANG environment variable is set to ruRU.UTF-8, might allow user-assisted attackers to execute arbitrary code via crafted RPM packages...