31 matches found
Astra Linux - уязвимость в rpm
A flaw was discovered in RPM’s hdrblobInit function in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The greatest threat from this vulnerability is to system availability...
Astra Linux - уязвимость в rpm
A flaw was discovered in the RPM package’s read functionality. This flaw allows an attacker to persuade a victim to install a seemingly verifiable package, or to compromise an RPM repository, thereby causing corruption of the RPM database. The most significant threat posed by this vulnerability i...
Unity Linux 20.1060e / 20.1070e Security Update: rpm (UTSA-2026-017662)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017662 advisory. A flaw was found in RPM's hdrblobInit in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from...
RHEL 6 : rpm (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - rpm: Following symlinks to directories when installing packages allows privilege escalation CVE-2017-7500...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : RPM Package Manager vulnerabilities (USN-5273-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5273-1 advisory. Demi M. Obenour discovered that RPM Package Manager incorrectly handled certain files. An attacker could possibly use this issue ...
SUSE CVE-2021-3421
A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This...
SUSE CVE-2021-20266
A flaw was found in RPM's hdrblobInit in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability...
EulerOS Virtualization 3.0.2.6 : rpm (EulerOS-SA-2021-2876)
According to the versions of the rpm packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a...
Huawei EulerOS: Security Advisory for rpm (EulerOS-SA-2021-2823)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for rpm (EulerOS-SA-2021-2613)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP3 : rpm (EulerOS-SA-2021-2613)
According to the versions of the rpm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to...
EulerOS 2.0 SP2 : rpm (EulerOS-SA-2021-2443)
According to the versions of the rpm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to...
EulerOS 2.0 SP5 : rpm (EulerOS-SA-2021-2346)
According to the versions of the rpm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to...
Huawei EulerOS: Security Advisory for rpm (EulerOS-SA-2021-2346)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE 15 Security Update : rpm (openSUSE-SU-2021:2682-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2682-1 advisory. - A flaw was found in RPM's hdrblobInit in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds...
Security update for rpm (important)
openSUSE Security Update: Security update for rpm Announcement ID: openSUSE-SU-2021:2682-1 Rating: important References: 1179416 1181805 1183543 1183545 ECO-3622 SLE-17817 Cross-References: CVE-2021-20266 CVE-2021-20271 CVE-2021-3421 CVSS scores: CVE-2021-20266 NVD : 4.9...
Huawei EulerOS: Security Advisory for rpm (EulerOS-SA-2021-2015)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle Linux 8 : rpm (ELSA-2021-2574)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-2574 advisory. 4.14.3-14 - Be more careful about copying data from signature header 1958477 - Fixes CVE-2021-20271 Tenable has extracted the preceding description block direct...
rpm: unsigned signature header leads to string injection into an rpm database
A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity...
A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.
...