12 matches found
CVE-2026-2625
The CVE-2026-2625 flaw affects rust-rpm-sequoia. A crafted RPM file can trigger an error in the OpenPGP signature parsing code during verification, causing the rpm process to terminate unconditionally and leading to an application‑level DoS (unavailability to process RPMs for signature verificati...
Linux Distros Unpatched Vulnerability : CVE-2026-2625
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in rust-rpm-sequoia. An attacker can exploit this vulnerability by providing a specially crafted Red Hat Package Manager RPM file. During the R...
The vulnerability in the components of lib/comp/comp.c, lib/comp/zstd/zstd.c, lib/dl/multipart.c, or lib/header.c of the RPM file size reduction software allows a hacker to execute arbitrary code.
The vulnerability of components such as lib/comp/comp.c, lib/comp/zstd/zstd.c, lib/dl/multipart.c, or lib/header.c in the RPM file size reduction software is related to integer overflow. Exploiting this vulnerability can allow an attacker, operating locally, to gain unauthorized access to protect...
CVE-2022-39224
Arr-pm is an RPM reader/writer library written in Ruby. Versions prior to 0.0.12 are subject to OS command injection resulting in shell execution if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the extract and files methods of the RPM::File class of this...
arr-pm vulnerable to arbitrary shell execution when extracting or listing files contained in a malicious rpm.
Impact Arbitrary shell execution is possible when using RPM::Filefiles and RPM::Fileextract if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the extract and files methods of the RPM::File class in the affected versions of this library. Patches Version 0.0.12 ...
PT-2022-5132 · Arr-Pm · Arr-Pm
Name of the Vulnerable Software and Affected Versions: Arr-pm versions prior to 0.0.12 Description: The issue is related to OS command injection, which can result in shell execution if an RPM contains a malicious payload compressor field. This impacts the extract and files methods of the RPM::Fil...
F5 Networks BIG-IP : Linux RPM vulnerability (SOL16383)
Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory C Tenable Network...
CVE-2013-6435
Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory...
CVE-2013-6435
Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory...
CVE-2013-6435
Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory...
Stack overflow
Multiple stack-based buffer overflows in avast! Linux Home Edition 1.0.5, 1.0.5-1, and 1.0.8 allow remote attackers to cause a denial of service application crash or execute arbitrary code via a malformed 1 ISO or 2 RPM file...
CVE-2001-0923
RPM Package Manager 4.0.x through 4.0.2.x allows an attacker to execute arbitrary code via corrupted data in the RPM file when the file is queried...