55 matches found
Astra Linux – Vulnerability in rpm
A flaw was discovered in the RPM package’s read functionality. This flaw allows an attacker to persuade a victim to install a seemingly verifiable package, or to compromise an RPM repository, thereby causing corruption of the RPM database. The most significant threat posed by this vulnerability i...
MiracleLinux 8 : rpm-4.14.3-19.el8.2 (AXSA:2022-3034:02)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3034:02 advisory. rpm: RPM does not require subkeys to have a valid binding signature CVE-2021-3521 Tenable has extracted the preceding description block directly from the...
MiracleLinux 7 : rpm-4.11.3-48.0.1.el7.AXS7 (AXSA:2021-2566:07)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2566:07 advisory. rpm: Signature checks bypass via corrupted rpm package CVE-2021-20271 Tenable has extracted the preceding description block directly from the MiracleLinux...
EUVD-2012-0842
Malware in sbrugna...
EUVD-2005-4880
Malware in sbrugna...
EUVD-2012-5959
Malware in sbrugna...
EUVD-2012-0099
Malware in sbrugna...
EUVD-2017-16518
Malware in sbrugna...
EUVD-2017-16517
Malware in sbrugna...
EUVD-2021-22573
Malware in sbrugna...
EUVD-2013-6245
Malware in sbrugna...
Unity Linux 20.1070e Security Update: rpm (UTSA-2025-680620)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-680620 advisory. A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500...
Unity Linux 20.1070e Security Update: rpm (UTSA-2025-680653)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-680653 advisory. There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a binding signature. RPM does not check the binding signature...
Linux Distros Unpatched Vulnerability : CVE-2017-7501
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a...
NewStart CGSL CORE 5.04 / MAIN 5.04 : rpm Vulnerability (NS-SA-2024-0010)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has rpm packages installed that are affected by a vulnerability: - A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seeming...
rpm: TOCTOU race in checks for unsafe symlinks
A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and...
K16383: Linux RPM vulnerability CVE-2013-6435
Security Advisory Description Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d...
SUSE CVE-2012-0815
The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison...
EulerOS Virtualization 2.10.0 : rpm (EulerOS-SA-2023-1174)
According to the versions of the rpm packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were...
A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501 potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
...