Rpm@2.5.5 Security Vulnerabilities and Issues — Rpm@2.5.5 CVE List

Lucene search

RpmRpm2.5.5

10 matches found

CVE•added 2014/12/16 6:59 p.m.•143 views

CVE-2013-6435

Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory.

7.6CVSS7.6AI score0.06749EPSS

CVE•added 2014/12/16 6:59 p.m.•83 views

CVE-2014-8118

Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow.

10CVSS7.8AI score0.11803EPSS

CVE•added 2012/06/04 8:55 p.m.•78 views

CVE-2012-0815

The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison.

6.8CVSS8.6AI score0.06991EPSS

CVE•added 2012/06/04 8:55 p.m.•66 views

CVE-2012-0061

The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large region size in a package header.

6.8CVSS8.6AI score0.06568EPSS

CVE•added 2010/06/08 6:30 p.m.•62 views

CVE-2005-4889

lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file, a related issue to CVE-2010-2059.

7.2CVSS7.5AI score0.00091EPSS

CVE•added 2012/06/04 8:55 p.m.•61 views

CVE-2012-0060

RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function.

6.8CVSS8.7AI score0.06486EPSS

CVE•added 2010/06/08 6:30 p.m.•55 views

CVE-2010-2059

lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) se...

7.2CVSS7.4AI score0.00091EPSS

CVE•added 2010/06/08 6:30 p.m.•51 views

CVE-2010-2198

lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to gain privileges or bypass intended access restrictions by creati...

7.2CVSS7.5AI score0.00091EPSS

CVE•added 2010/06/08 6:30 p.m.•48 views

CVE-2010-2197

rpmbuild in RPM 4.8.0 and earlier does not properly parse the syntax of spec files, which allows user-assisted remote attackers to remove home directories via vectors involving a ;~ (semicolon tilde) sequence in a Name tag.

5.8CVSS6.5AI score0.0043EPSS

CVE•added 2010/06/08 6:30 p.m.•45 views

CVE-2010-2199

lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to bypass intended access restrictions by creating a hard link to a...

7.2CVSS7.3AI score0.00091EPSS