Lucene search
+L

37 matches found

OSV
OSV
added 2026/04/30 8:56 a.m.9 views

CLSA-2026-1777539405 rpm: Fix of CVE-2021-3521

CVE-2021-3521: validate and require subkey binding signatures on PGP public keys...

4.7CVSS6.7AI score0.00302EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.3 views

MiracleLinux 8 : rpm-4.14.3-19.el8.2 (AXSA:2022-3034:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3034:02 advisory. rpm: RPM does not require subkeys to have a valid binding signature CVE-2021-3521 Tenable has extracted the preceding description block directly from the...

4.7CVSS6.5AI score0.00302EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.4 views

TencentOS Server 3: rpm (TSSA-2022:0007)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0007 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

4.9CVSS6.3AI score0.01706EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2021-3521

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a binding signature. RPM does not check the binding...

4.7CVSS6.6AI score0.00302EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2024/06/05 12:0 a.m.20 views

openSUSE Security Advisory (SUSE-SU-2024:1557-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.7CVSS6.3AI score0.00302EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2024/05/31 12:0 a.m.24 views

SUSE SLED15: python3-rpm / python311-rpm / rpm / rpm-32bit / rpm-build / etc (SUSE-SU-2024:1557-2)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1557-2 advisory. Security fixes: - CVE-2021-3521: Fixed missing subkey binding signature checking bsc1191175 Other fixes: ...

4.7CVSS6.8AI score0.00302EPSS
Exploits0References6
OSV
OSV
added 2024/05/30 11:34 a.m.12 views

SUSE-SU-2024:1557-2 Security update for rpm

This update for rpm fixes the following issues: Security fixes: - CVE-2021-3521: Fixed missing subkey binding signature checking bsc1191175 Other fixes: - accept more signature subpackets marked as critical bsc1218686 - backport limit support for the autopatch macro bsc1189495...

4.7CVSS6.8AI score0.00302EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2024/05/13 12:0 a.m.19 views

openSUSE Security Advisory (SUSE-SU-2024:1557-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.7CVSS6.3AI score0.00302EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2024/05/09 12:0 a.m.32 views

SUSE SLED15: python3-rpm / python311-rpm / rpm / rpm-32bit / rpm-build / etc (SUSE-SU-2024:1557-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1557-1 advisory. Security fixes: - CVE-2021-3521: Fixed missing subkey binding signature checking bsc1191175 Other fixes: ...

4.7CVSS6.8AI score0.00302EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2024/05/09 12:0 a.m.29 views

SUSE: Security Advisory (SUSE-SU-2024:1557-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.7CVSS6.3AI score0.00302EPSS
Exploits0References6
OSV
OSV
added 2024/05/08 9:43 a.m.10 views

SUSE-SU-2024:1557-3 Security update for rpm

This update for rpm fixes the following issues: Security fixes: - CVE-2021-3521: Fixed missing subkey binding signature checking bsc1191175 Other fixes: - accept more signature subpackets marked as critical bsc1218686 - backport limit support for the autopatch macro bsc1189495...

4.7CVSS4.9AI score0.00302EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2023/11/07 12:0 a.m.25 views

Rocky Linux 8 : rpm (RLSA-2022:0368)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:0368 advisory. - There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a binding signature. RPM does not check the binding...

4.7CVSS6.4AI score0.00302EPSS
Exploits0References3
OSV
OSV
added 2023/08/31 12:14 p.m.1 views

BELL-CVE-2021-3521 CVE-2021-3521 does not affect BellSoft software

Bulletin has no description...

4.7CVSS7.3AI score0.00302EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2023/06/13 12:0 a.m.35 views

EulerOS Virtualization 3.0.6.0 : rpm (EulerOS-SA-2023-2230)

According to the versions of the rpm packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a 'binding signature.' RPM...

4.7CVSS6.4AI score0.00302EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2023/06/12 12:0 a.m.20 views

Huawei EulerOS: Security Advisory for rpm (EulerOS-SA-2023-2230)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.7CVSS6.2AI score0.00302EPSS
Exploits0References2
CBLMariner
CBLMariner
added 2022/10/05 11:33 p.m.18 views

CVE-2021-3521 affecting package rpm for versions less than 4.18.0-1

CVE-2021-3521 affecting package rpm for versions less than 4.18.0-1. An upgraded version of the package is available that resolves this issue...

4.7CVSS6AI score0.00302EPSS
Exploits0
CBLMariner
CBLMariner
added 2022/10/04 7:51 a.m.19 views

CVE-2021-3521 affecting package rpm 4.14.2-14

CVE-2021-3521 affecting package rpm 4.14.2-14. A patched version of the package is available...

4.7CVSS9.8AI score0.00302EPSS
Exploits0
CVE
CVE
added 2022/08/22 12:0 a.m.273 views

CVE-2021-3521

CVE-2021-3521 describes a flaw in RPM’s handling of OpenPGP subkeys: binding signatures on subkeys are not checked before import, enabling potential trust of malicious signatures and risking data integrity. Exploitation requires compromising a repository or persuading an administrator to install ...

4.7CVSS4.7AI score0.00302EPSS
Exploits0References5Affected Software1
FreeBSD
FreeBSD
added 2022/08/22 12:0 a.m.37 views

rpm4 -- Multiple Vulnerabilities

rpm project reports: Fix intermediate symlinks not verified CVE-2021-35939. Fix subkey binding signatures not checked on PGP public keys CVE-2021-3521. Refactor file and directory operations to use fd-based APIs throughout CVE-2021-35938...

6.7CVSS1.9AI score0.00491EPSS
Exploits2
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/16 8:18 a.m.62 views

Security Bulletin: IBM MQ Operator and IBM supplied MQ Advanced container images are vulnerable to multiple issues from Red Hat UBI packages and the IBM WebSphere Application Server Liberty

Summary Multiple issues were identified in Red Hat UBIubi8/ubi-minimal v8.5-x packages that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. We have also identified an issue in the IBM WebSphere Application Server Liberty component that is packaged with IBM supplie...

9.8CVSS1.3AI score0.04729EPSS
Exploits3Affected Software1
Rows per page
Query Builder