Download
| Alert*
|
oval:org.secpod.oval:def:202308
The RPM Package Manager is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Multiple flaws were found in the way RPM parsed package file headers. An attacker could create a specially-crafted RPM package that, w ... oval:org.secpod.oval:def:701142 rpm: package manager for RPM RPM could be made to crash or run programs if it opened a specially crafted package file. oval:org.secpod.oval:def:201762 The RPM Package Manager is a command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. It was discovered that RPM did not remove setuid and setgid bits set on binaries when upgrading packages. A local attacker able to cre ... oval:org.secpod.oval:def:201743 The RPM Package Manager is a command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. It was discovered that RPM did not remove setuid and setgid bits set on binaries when upgrading packages. A local attacker able to cre ... oval:org.secpod.oval:def:202307 The RPM Package Manager is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Multiple flaws were found in the way RPM parsed package file headers. An attacker could create a specially-crafted RPM package that, w ... oval:org.secpod.oval:def:500317 The RPM Package Manager is a command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. It was discovered that RPM did not remove setuid and setgid bits set on binaries when upgrading packages. A local attacker able to cre ... oval:org.secpod.oval:def:113654 The RPM Package Manager is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Each software package consists of an archive of files along with information about the package like its version, a descriptio ... oval:org.secpod.oval:def:113394 The RPM Package Manager is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Each software package consists of an archive of files along with information about the package like its version, a descriptio ... oval:org.secpod.oval:def:1901731 It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arb ... oval:org.secpod.oval:def:2001578 It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arb ... oval:org.secpod.oval:def:500777 The RPM Package Manager is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Multiple flaws were found in the way RPM parsed package file headers. An attacker could create a specially-crafted RPM package that, w ... oval:org.secpod.oval:def:1500857 Updated rpm packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from th ... oval:org.secpod.oval:def:702365 rpm: package manager for RPM Several security issues were fixed in RPM. oval:org.secpod.oval:def:108109 The RPM Package Manager is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Each software package consists of an archive of files along with information about the package like its version, a descriptio ... oval:org.secpod.oval:def:108141 The RPM Package Manager is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Each software package consists of an archive of files along with information about the package like its version, a descriptio ... oval:org.secpod.oval:def:1500868 Updated rpm packages that fix two security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for each vulne ... oval:org.secpod.oval:def:1600075 It was found that RPM could encounter an integer overflow, leading to a stack-based overflow, while parsing a crafted CPIO header in the payload section of an RPM file. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during pa ... oval:org.secpod.oval:def:52382 rpm: package manager for RPM Several security issues were fixed in RPM. oval:org.secpod.oval:def:601912 Two vulnerabilities have been discovered in the RPM package manager. CVE-2013-6435 Florian Weimer discovered a race condition in package signature validation. CVE-2014-8118 Florian Weimer discovered an integer overflow in parsing CPIO headers which might result in the execution of arbitrary code. oval:org.secpod.oval:def:1500810 Updated rpm packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from th ... |
