VulnerableCode Package Details - pkg:deb/debian/rpm@4.10.0-5%2Bdeb7u2

Search for packages

Package details: pkg:deb/debian/rpm@4.10.0-5%2Bdeb7u2

Essentials
History (12)

purl	pkg:deb/debian/rpm@4.10.0-5%2Bdeb7u2

Next non-vulnerable version	4.18.0+dfsg-1+deb12u1
Latest non-vulnerable version	4.18.0+dfsg-1+deb12u1
Risk	3.1

Vulnerabilities affecting this package (6)

Vulnerability	Summary	Fixed by
VCID-1gkq-3yfu-fke8 Aliases: CVE-2021-20266	A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.	4.16.1.2+dfsg1-3 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-bd69-cfzq-c7ed Aliases: CVE-2021-3421	A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha.	4.16.1.2+dfsg1-3 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-faq3-97ja-9kc2 Aliases: CVE-2014-8118		4.11.3-1.1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-r3dj-w6tw-rufb Aliases: CVE-2013-6435		4.11.3-1.1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-shux-h5z9-hfap Aliases: CVE-2012-6088		4.11.3-1.1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-y63j-ybs2-mfc9 Aliases: CVE-2021-20271	A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.	4.16.1.2+dfsg1-3 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (6)

Vulnerability	Summary	Aliases
VCID-faq3-97ja-9kc2		CVE-2014-8118
VCID-r3dj-w6tw-rufb		CVE-2013-6435
VCID-t7hy-4jyx-vqev		CVE-2012-0815
VCID-tsdq-9jj9-duh5		CVE-2012-0061
VCID-u2a5-3kdz-1kbm		CVE-2011-3378
VCID-uktq-tttc-gygm		CVE-2012-0060

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T20:14:39.938574+00:00	Debian Oval Importer	Fixing	VCID-u2a5-3kdz-1kbm	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T19:22:38.369877+00:00	Debian Oval Importer	Affected by	VCID-faq3-97ja-9kc2	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T18:51:30.111197+00:00	Debian Oval Importer	Fixing	VCID-uktq-tttc-gygm	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T18:26:33.284914+00:00	Debian Oval Importer	Affected by	VCID-y63j-ybs2-mfc9	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T17:02:00.381483+00:00	Debian Oval Importer	Fixing	VCID-tsdq-9jj9-duh5	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T16:19:01.428156+00:00	Debian Oval Importer	Affected by	VCID-shux-h5z9-hfap	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T15:37:51.713777+00:00	Debian Oval Importer	Affected by	VCID-1gkq-3yfu-fke8	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T13:37:24.227838+00:00	Debian Oval Importer	Fixing	VCID-t7hy-4jyx-vqev	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T13:34:25.795736+00:00	Debian Oval Importer	Affected by	VCID-r3dj-w6tw-rufb	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T13:10:13.510233+00:00	Debian Oval Importer	Affected by	VCID-bd69-cfzq-c7ed	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T09:42:34.722714+00:00	Debian Oval Importer	Fixing	VCID-r3dj-w6tw-rufb	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	37.0.0
2025-08-01T09:39:14.529254+00:00	Debian Oval Importer	Fixing	VCID-faq3-97ja-9kc2	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	37.0.0