12 matches found
EUVD-2022-6740
Malicious code in bioql PyPI...
CVE-2022-39224 Arbitrary shell execution when extracting or listing files contained in a malicious rpm.
Arr-pm is an RPM reader/writer library written in Ruby. Versions prior to 0.0.12 are subject to OS command injection resulting in shell execution if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the extract and files methods of the RPM::File class of this...
Security Bulletin: IBM QRadar Network Security is affected by vulnerability in rpm. (CVE-2021-20271)
Summary IBM QRadar Network Security has addressed vulnerability in rpm library. the issue could allow a remote attacker to execute arbitrary code on the system. Vulnerability Details CVEID: CVE-2021-20271 DESCRIPTION: RPM could allow a remote attacker to execute arbitrary code on the system, caus...
Arbitrary Code Execution
rpm is vulnerable to arbitrary code execution. The vulnerability exists as multiple flaws were found in the way the RPM library parsed package headers. An attacker could create a specially-crafted RPM package that, when queried or installed, would cause rpm to crash or, potentially, execute...
Mandriva Update for rpm MDVSA-2012:056 (rpm)
Check for the Version of rpm OpenVAS Vulnerability Test Mandriva Update for rpm MDVSA-2012:056 rpm Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...
CentOS Update for popt CESA-2011:1349 centos4 x86_64
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
CentOS Update for popt CESA-2012:0451 centos5
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
CVE-2012-0815
The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison...
RedHat Update for rpm RHSA-2012:0451-01
Check for the Version of rpm OpenVAS Vulnerability Test RedHat Update for rpm RHSA-2012:0451-01 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...
CentOS Update for popt CESA-2011:1349 centos5 i386
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Mandriva Update for rpm MDVSA-2011:143 (rpm)
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
CentOS 4 / 5 : rpm (CESA-2011:1349)
Updated rpm packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4, 5, and 6, and Red Hat Enterprise Linux 3 Extended Life Cycle Support, 5.3 Long Life, 5.6 Extended Update Support, and 6.0 Extended Update Support. The Red Hat Security Response Team has rated...