Lucene search
+L

12 matches found

CVE
CVE
added 2026/04/03 6:38 p.m.21 views

CVE-2026-2625

The CVE-2026-2625 flaw affects rust-rpm-sequoia. A crafted RPM file can trigger an error in the OpenPGP signature parsing code during verification, causing the rpm process to terminate unconditionally and leading to an application‑level DoS (unavailability to process RPMs for signature verificati...

5.5CVSS5.9AI score0.00085EPSS
Exploits0References3Affected Software3
Tenable Nessus
Tenable Nessus
added 2026/02/17 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-2625

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in rust-rpm-sequoia. An attacker can exploit this vulnerability by providing a specially crafted Red Hat Package Manager RPM file. During the R...

5.5CVSS5.9AI score0.00085EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2023/10/31 12:0 a.m.6 views

The vulnerability in the components of lib/comp/comp.c, lib/comp/zstd/zstd.c, lib/dl/multipart.c, or lib/header.c of the RPM file size reduction software allows a hacker to execute arbitrary code.

The vulnerability of components such as lib/comp/comp.c, lib/comp/zstd/zstd.c, lib/dl/multipart.c, or lib/header.c in the RPM file size reduction software is related to integer overflow. Exploiting this vulnerability can allow an attacker, operating locally, to gain unauthorized access to protect...

7.8CVSS7.3AI score0.00261EPSS
Exploits0References5Affected Software3
NVD
NVD
added 2022/09/21 11:15 p.m.102 views

CVE-2022-39224

Arr-pm is an RPM reader/writer library written in Ruby. Versions prior to 0.0.12 are subject to OS command injection resulting in shell execution if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the extract and files methods of the RPM::File class of this...

7.8CVSS0.01628EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2022/09/21 5:0 p.m.33 views

arr-pm vulnerable to arbitrary shell execution when extracting or listing files contained in a malicious rpm.

Impact Arbitrary shell execution is possible when using RPM::Filefiles and RPM::Fileextract if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the extract and files methods of the RPM::File class in the affected versions of this library. Patches Version 0.0.12 ...

7.8CVSS7.5AI score0.01628EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologies
added 2022/09/21 12:0 a.m.13 views

PT-2022-5132 · Arr-Pm · Arr-Pm

Name of the Vulnerable Software and Affected Versions: Arr-pm versions prior to 0.0.12 Description: The issue is related to OS command injection, which can result in shell execution if an RPM contains a malicious payload compressor field. This impacts the extract and files methods of the RPM::Fil...

7.8CVSS7.4AI score0.01628EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2016/01/28 12:0 a.m.35 views

F5 Networks BIG-IP : Linux RPM vulnerability (SOL16383)

Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory C Tenable Network...

7.6CVSS7.6AI score0.07669EPSS
Exploits0References2
NVD
NVD
added 2014/12/16 6:59 p.m.19 views

CVE-2013-6435

Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory...

7.6CVSS7.8AI score0.07669EPSS
Exploits0References13
OSV
OSV
added 2014/12/16 6:59 p.m.10 views

CVE-2013-6435

Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory...

7.6CVSS7.2AI score0.07669EPSS
Exploits0References13
Cvelist
Cvelist
added 2014/12/16 6:0 p.m.29 views

CVE-2013-6435

Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory...

7.7AI score0.07669EPSS
Exploits0References13
Prion
Prion
added 2009/07/02 10:30 a.m.20 views

Stack overflow

Multiple stack-based buffer overflows in avast! Linux Home Edition 1.0.5, 1.0.5-1, and 1.0.8 allow remote attackers to cause a denial of service application crash or execute arbitrary code via a malformed 1 ISO or 2 RPM file...

6.8CVSS8.4AI score0.03691EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2001/10/25 4:0 a.m.14 views

CVE-2001-0923

RPM Package Manager 4.0.x through 4.0.2.x allows an attacker to execute arbitrary code via corrupted data in the RPM file when the file is queried...

7.2CVSS7.4AI score0.00605EPSS
Exploits1References4
Rows per page
Query Builder