CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

27 Mar 2019 — A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. An attacker, who is able to make an application read a crafted comps XML file, may be able to crash the application or execute malicious code. • https://access.redhat.com/errata/RHSA-2019:3583 • CWE-416: Use After Free

CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

13 Aug 2018 — It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500 • CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVSS: 9.3 • EPSS: 2% • CPEs: 8 • EXPL: 0

30 Jul 2018 — A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Version 1.1.31 and older are believe... • http://www.securitytracker.com/id/1041594 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 Nov 2017 — It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation. • https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc • CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVSS: 5.3 • EPSS: 0% • CPEs: 3 • EXPL: 0

04 Mar 2017 — It was discovered that rpm-ostree and rpm-ostree-client before 2017.3 fail to properly check GPG signatures on packages when doing layering. Packages with unsigned or badly signed content could fail to be rejected as expected. This issue is partially mitigated on RHEL Atomic Host, where certificate pinning is used by default. • http://www.securityfocus.com/bid/96558 • CWE-295: Improper Certificate Validation

CVSS: 10.0 • EPSS: 6% • CPEs: 110 • EXPL: 0

09 Dec 2014 — Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory. • http://advisories.mageia.org/MGASA-2014-0529.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition

CVSS: 10.0 • EPSS: 11% • CPEs: 109 • EXPL: 0

09 Dec 2014 — Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow. It was found that RPM wrote file contents to the target inst... • http://advisories.mageia.org/MGASA-2014-0529.html • CWE-121: Stack-based Buffer Overflow • CWE-189: Numeric Errors

CVSS: 9.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

18 Jan 2013 — The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 does not return an error code in certain situations involving an "unparseable signature," which allows remote attackers to bypass RPM signature checks via a crafted package. • http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=3d74c43 • CWE-255: Credentials Management Errors

CVSS: 9.8 • EPSS: 7% • CPEs: 105 • EXPL: 0

03 Apr 2012 — The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison. • http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-189: Numeric Errors

CVSS: 9.8 • EPSS: 6% • CPEs: 105 • EXPL: 0

03 Apr 2012 — RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function. • http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html • CWE-20: Improper Input Validation • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer