threat
engine
.sh
Back
·
··:··
Home
/
Product
/
rpm
Product
rpm
26 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2024-1929
< 5.1.17
Local Root Exploit via Configuration Dictionary in dnf5daemon-server before 5.1.17 allows a malicious user to impact Confidentia
7.5
HIGH
CVE-2021-35939
< 4.18
It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent direct
6.7
MEDIUM
CVE-2021-35938
< 4.18.0
A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A
6.7
MEDIUM
CVE-2021-35937
< 4.18.0
A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were intr
6.4
MEDIUM
CVE-2021-3521
< 4.17.1
There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature." RPM
4.7
MEDIUM
CVE-2021-3445
< 0.60.1
A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. This flaw allows an attacker to achie
7.5
HIGH
CVE-2021-3421
< 4.16.1.3
A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a
5.5
MEDIUM
CVE-2021-20266
< 4.16.1.3
A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-
4.9
MEDIUM
CVE-2021-20271
>= 4.15.0 and < 4.15.1.3
A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince
7.0
HIGH
CVE-2019-3817
< 0.1.10
A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. An attacker, who is
7.5
HIGH
CVE-2017-7500
>= 4.13.0.0 and < 4.13.0.2
It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possib
7.3
HIGH
CVE-2018-10897
<= 1.1.31
A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repositor
8.1
HIGH
CVE-2017-7501
< 4.13.0.3
It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker w
7.8
HIGH
CVE-2014-8118
<= 4.12.0
Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payloa
CVE-2013-6435
<= 4.11.1
Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installati
CVE-2012-6088
all versions
The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 does not return an error code in certain situations involving
CVE-2012-0815
<= 4.9.1.2
The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) a
CVE-2012-0061
<= 4.9.1.2
The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted r
CVE-2012-0060
<= 4.9.1.2
RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and
CVE-2011-3378
<= 4.9.1.1
RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and pos
CVE-2010-2199
<= 4.8.0
lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an
CVE-2010-2198
<= 4.8.0
lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an
CVE-2010-2197
<= 4.8.0
rpmbuild in RPM 4.8.0 and earlier does not properly parse the syntax of spec files, which allows user-assisted remote attackers to
CVE-2010-2059
<= 4.4.2.3
lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an
CVE-2005-4889
<= 4.4.2.3
lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM pac
CVE-2006-5466
all versions
Heap-based buffer overflow in the showQueryPackage function in librpm in RPM Package Manager 4.4.8, when the LANG environment vari
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin