HIGH 7.8 CVE-2017-7500 It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changi…
from 0
HIGH 7.8 CVE-2017-7501 It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM.
from 0
HIGH 7.0 CVE-2026-44604 A command injection vulnerability was discovered in the `rpmuncompress` utility of RPM.
from 0
HIGH 7.0 A flaw was found in RPM's signature check functionality when reading a package file.
from 0, < 4.16.1.2+dfsg1-1
MEDIUM 6.7 It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of th…
from 0
MEDIUM 6.7 A symbolic link issue was found in rpm.
from 0
MEDIUM 6.4 A race condition vulnerability was found in rpm.
from 0
MEDIUM 5.5 A flaw was found in the RPM package in the read functionality.
from 0, < 4.16.1.2+dfsg1-1
MEDIUM 4.9 A flaw was found in RPM's hdrblobInit() in lib/header.c.
from 0, < 4.16.1.2+dfsg1-1
MEDIUM 4.7 There is a flaw in RPM's signature functionality.
from 0
—Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section…
from 0, < 4.11.3-1.1
—rpm - security update
from 0, < 4.10.0-5+deb7u2
—rpm - security update
from 0, < 4.11.3-1.1
—The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 does not return an error code in certain situations involving an "unpa…
from 0, < 4.10.1-2.1
—The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possib…
from 0, < 4.9.1.3-1
—The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted remote att…
from 0, < 4.9.1.3-1
—rpm - security update
from 0, < 4.8.1-6+squeeze2
—rpm - security update
from 0, < 4.9.1.3-1
—RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly exe…
from 0, < 4.9.1.2-1
—lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM pack…
from 0
—lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM pack…
from 0
—rpmbuild in RPM 4.8.0 and earlier does not properly parse the syntax of spec files, which allows user-assisted remote attackers to remove h…
from 0, < 4.8.1-1
—lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executabl…
from 0, < 4.8.1-1
—lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package remo…
from 0, < 4.7.0-1
—Heap-based buffer overflow in the showQueryPackage function in librpm in RPM Package Manager 4.4.8, when the LANG environment variable is s…
from 0, < 4.4.1-11
—zlib - buffer overflow
from 0, < 4.0.4-31.1