Search Results
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:rpm:rpm:4.9.0:rc1:*:*:*:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2014-8118 | Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow. Published: December 16, 2014; 1:59:06 PM -0500 | V3.x: (not available) V2.0: 10.0 HIGH |
CVE-2013-6435 | Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory. Published: December 16, 2014; 1:59:00 PM -0500 | V3.x: (not available) V2.0: 7.6 HIGH |
CVE-2012-0815 | The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison. Published: June 04, 2012; 4:55:01 PM -0400 | V3.x: (not available) V2.0: 6.8 MEDIUM |
CVE-2012-0061 | The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large region size in a package header. Published: June 04, 2012; 4:55:01 PM -0400 | V3.x: (not available) V2.0: 6.8 MEDIUM |
CVE-2012-0060 | RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function. Published: June 04, 2012; 4:55:01 PM -0400 | V3.x: (not available) V2.0: 6.8 MEDIUM |