CVSS: 10.0EPSS: 1%CPEs: 6EXPL: 1CVE-2023-6395 – Mock: privilege escalation for users that can access mock configuration
https://notcve.org/view.php?id=CVE-2023-6395
16 Jan 2024 — The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, which may be included in certain configuration parameters. While the Mock documentation advises treating users added to the mock group as privileged, certain build systems invoking mock on behalf of users might inadvert... • http://www.openwall.com/lists/oss-security/2024/01/16/1 • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 1CVE-2021-35939 – rpm: checks for unsafe symlinks are not performed for intermediary directories
https://notcve.org/view.php?id=CVE-2021-35939
26 Aug 2022 — It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se ha detectado que la corrección de CVE-2017-7500 y CVE-2017-7501 era incompleta: la comprobación sólo es implement... • https://access.redhat.com/security/cve/CVE-2021-35939 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.4EPSS: 0%CPEs: 6EXPL: 1CVE-2021-35937 – rpm: TOCTOU race in checks for unsafe symlinks
https://notcve.org/view.php?id=CVE-2021-35937
25 Aug 2022 — A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró una vulnerabilidad de condición de carrera en rpm. Un usuario local no privilegiado podría usar este fallo para omitir las comprobaciones introducidas en respuest... • https://access.redhat.com/security/cve/CVE-2021-35937 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 6.7EPSS: 0%CPEs: 5EXPL: 1CVE-2021-35938 – rpm: races with chown/chmod/capabilities calls during installation
https://notcve.org/view.php?id=CVE-2021-35938
25 Aug 2022 — A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se ha encontrado un problema de enlaces simbólicos en rpm. • https://access.redhat.com/security/cve/CVE-2021-35938 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2021-3521 – rpm: RPM does not require subkeys to have a valid binding signature
https://notcve.org/view.php?id=CVE-2021-3521
25 Jan 2022 — There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature." RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data integrity. • https://access.redhat.com/security/cve/CVE-2021-3521 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-3445 – libdnf: Signature verification bypass via signature placed in the main RPM header
https://notcve.org/view.php?id=CVE-2021-3445
19 May 2021 — A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. This flaw allows an attacker to achieve code execution if they can alter the header information of an RPM package and then trick a user or system into installing it. The highest risk of this vulnerability is to confidentiality, integrity, as well as system availability. Se encontró un fallo en la funcionalidad de verificación de firma libdnf's en versiones anteriores a 0.60.1. Este fallo permite a un atacante l... • https://bugzilla.redhat.com/show_bug.cgi?id=1932079 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-3421 – rpm: unsigned signature header leads to string injection into an rpm database
https://notcve.org/view.php?id=CVE-2021-3421
19 May 2021 — A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha. Se encontró un fallo en el paquete RPM en la funcionalidad read. • https://bugzilla.redhat.com/show_bug.cgi?id=1927747 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 4.9EPSS: 0%CPEs: 3EXPL: 0CVE-2021-20266 – rpm: missing length checks in hdrblobInit()
https://notcve.org/view.php?id=CVE-2021-20266
30 Apr 2021 — A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability. Se detectó un fallo en RPM en la función hdrblobInit() en el archivo lib/header.c. Este fallo permite a un atacante que puede modificar el rpmdb causar una lectura fuera de límites. • https://bugzilla.redhat.com/show_bug.cgi?id=1927741 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2021-31414
https://notcve.org/view.php?id=CVE-2021-31414
16 Apr 2021 — The unofficial vscode-rpm-spec extension before 0.3.2 for Visual Studio Code allows remote code execution via a crafted workspace configuration. La extensión no oficial vscode-rpm-spec versiones anteriores a 0.3.2 para Visual Studio Code, permite una ejecución de código remota por medio de una configuración de espacio de trabajo diseñada • https://github.com/LaurentTreguier/vscode-rpm-spec/commit/e19fb8e29cb48cadfd3238371e060d4ffd3384f9 •
CVSS: 7.0EPSS: 0%CPEs: 14EXPL: 0CVE-2021-20271 – rpm: Signature checks bypass via corrupted rpm package
https://notcve.org/view.php?id=CVE-2021-20271
26 Mar 2021 — A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability. Se detectó un fallo en la funcionalidad de comprobación de firmas de RPM cuando se lee un archivo de paquete. Este fallo permite a un ... • https://bugzilla.redhat.com/show_bug.cgi?id=1934125 • CWE-345: Insufficient Verification of Data Authenticity •