Lucene search
K

32 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2021-22574

Malware in sbrugna...

6.7CVSS6.5AI score0.00481EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2017-7500

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and...

7.8CVSS7.1AI score0.00415EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.25 views

RHEL 6 : rpm (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - file: Buffer over-write in finfoopen with malformed magic file CVE-2015-8865 - rpm: Following symlinks to...

7.8CVSS8.1AI score0.04985EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.27 views

RHEL 5 : rpm (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - rpm: Following symlinks to directories when installing packages allows privilege escalation CVE-2017-7500...

8.4AI score0.00415EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/01/25 9:1 a.m.4 views

rpm: checks for unsafe symlinks are not performed for intermediary directories

It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threa...

6.7CVSS7AI score0.00481EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2024/01/25 8:2 a.m.2 views

rpm: checks for unsafe symlinks are not performed for intermediary directories

It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threa...

6.7CVSS7AI score0.00481EPSS
Exploits1References5
OpenVAS
OpenVAS
added 2023/01/12 12:0 a.m.36 views

Huawei EulerOS: Security Advisory for rpm (EulerOS-SA-2023-1232)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.7CVSS7.4AI score0.00491EPSS
Exploits3References2
OpenVAS
OpenVAS
added 2023/01/12 12:0 a.m.29 views

Huawei EulerOS: Security Advisory for rpm (EulerOS-SA-2023-1202)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.7CVSS7.4AI score0.00491EPSS
Exploits3References2
Microsoft CVE
Microsoft CVE
added 2022/09/03 7:0 a.m.3 views

It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

...

7.8CVSS6.8AI score0.00481EPSS
Exploits1
Veracode
Veracode
added 2022/08/29 4:37 a.m.48 views

Privilege Escalation

librpm.so is vulnerable to privilege escalation. A local unauthenticated user who owns another ancestor directory is able to potentially gain root privileges of the system due to the lack of sanitizations in lib/fsm.c during symlink validations. This vulnerability exists due to incomplete fixes f...

7.8CVSS7.1AI score0.00481EPSS
Exploits1References6Affected Software2
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.37 views

Mageia: Security Advisory (MGASA-2017-0394)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS6.9AI score0.00415EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.20 views

SUSE: Security Advisory (SUSE-SU-2018:2073-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.8AI score0.00415EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.25 views

SUSE: Security Advisory (SUSE-SU-2018:3286-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.6AI score0.00415EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.29 views

SUSE: Security Advisory (SUSE-SU-2018:3884-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.6AI score0.00415EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.29 views

Huawei EulerOS: Security Advisory for rpm (EulerOS-SA-2019-2384)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.2AI score0.00415EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.26 views

Huawei EulerOS: Security Advisory for rpm (EulerOS-SA-2019-2658)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.2AI score0.00415EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/12/10 12:0 a.m.31 views

EulerOS 2.0 SP2 : rpm (EulerOS-SA-2019-2384)

According to the version of the rpm packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownershi...

7.8CVSS7.3AI score0.00415EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/03/27 12:0 a.m.29 views

openSUSE Security Update : rpm (openSUSE-2019-564)

This update for rpm fixes the following issues : This security vulnerability was fixed : - CVE-2017-7500: Fixed symlink attacks during RPM installation bsc943457 This update was imported from the SUSE:SLE-15:Update update project. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descripti...

7.8CVSS6.8AI score0.00415EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2019/02/07 12:0 a.m.29 views

Photon OS 2.0: Rpm PHSA-2018-2.0-0108

An update of the rpm package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2018-2.0-0108. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid122006;...

7.8CVSS7.3AI score0.00415EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/01/02 12:0 a.m.43 views

SUSE SLED15 / SLES15 Security Update : rpm (SUSE-SU-2018:2073-1)

This update for rpm fixes the following issues: This security vulnerability was fixed : - CVE-2017-7500: Fixed symlink attacks during RPM installation bsc943457 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has...

7.8CVSS6.9AI score0.00415EPSS
Exploits0References6
Rows per page
Query Builder