purl | pkg:deb/debian/rpm@4.11.3-1.1 |
Next non-vulnerable version | 4.18.0+dfsg-1+deb12u1 |
Latest non-vulnerable version | 4.18.0+dfsg-1+deb12u1 |
Risk | 3.1 |
Vulnerability | Summary | Fixed by |
---|---|---|
VCID-8tqq-98fr-aaad (Aliases: CVE-2021-20266) | A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability. | Affected by 4 other vulnerabilities. |
VCID-q7k2-h4de-aaak (Aliases: CVE-2021-20271) | A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability. | Affected by 4 other vulnerabilities. |
VCID-syg9-n9mv-aaag (Aliases: CVE-2021-3421) | A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha. | Affected by 4 other vulnerabilities. |
Vulnerability | Summary | Aliases |
---|---|---|
VCID-thy6-umhu-aaaf | The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 does not return an error code in certain situations involving an "unparseable signature," which allows remote attackers to bypass RPM signature checks via a crafted package. | CVE-2012-6088 |
VCID-v2jk-5cb5-aaah | Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory. | CVE-2013-6435 |
VCID-z7q8-uh7q-aaap | Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow. | CVE-2014-8118 |
Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
---|---|---|---|---|---|
2025-06-21T19:07:05.220519+00:00 | Debian Oval Importer | Affected by | VCID-syg9-n9mv-aaag | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.3 |
2025-06-21T17:44:30.605008+00:00 | Debian Oval Importer | Fixing | VCID-v2jk-5cb5-aaah | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
2025-06-21T17:36:06.583564+00:00 | Debian Oval Importer | Fixing | VCID-z7q8-uh7q-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
2025-06-21T13:27:58.382099+00:00 | Debian Oval Importer | Fixing | VCID-thy6-umhu-aaaf | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
2025-06-21T05:50:21.729573+00:00 | Debian Oval Importer | Affected by | VCID-8tqq-98fr-aaad | None | 36.1.3 |
2025-06-21T03:06:40.322824+00:00 | Debian Oval Importer | Affected by | VCID-q7k2-h4de-aaak | None | 36.1.3 |
2025-06-21T02:32:20.263080+00:00 | Debian Oval Importer | Affected by | VCID-syg9-n9mv-aaag | None | 36.1.3 |
2025-06-21T01:13:20.521089+00:00 | Debian Oval Importer | Fixing | VCID-z7q8-uh7q-aaap | None | 36.1.3 |
2025-06-21T00:53:43.815380+00:00 | Debian Oval Importer | Fixing | VCID-thy6-umhu-aaaf | None | 36.1.3 |
2025-06-20T19:38:47.847316+00:00 | Debian Oval Importer | Fixing | VCID-v2jk-5cb5-aaah | None | 36.1.3 |
2025-06-08T11:53:53.593070+00:00 | Debian Oval Importer | Fixing | VCID-v2jk-5cb5-aaah | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
2025-06-08T11:36:09.403853+00:00 | Debian Oval Importer | Affected by | VCID-syg9-n9mv-aaag | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
2025-06-08T10:17:36.011750+00:00 | Debian Oval Importer | Fixing | VCID-v2jk-5cb5-aaah | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
2025-06-08T10:10:45.071041+00:00 | Debian Oval Importer | Fixing | VCID-z7q8-uh7q-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
2025-06-08T06:22:00.739044+00:00 | Debian Oval Importer | Fixing | VCID-thy6-umhu-aaaf | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
2025-06-07T23:28:56.013430+00:00 | Debian Oval Importer | Affected by | VCID-8tqq-98fr-aaad | None | 36.1.0 |
2025-06-07T20:39:25.631711+00:00 | Debian Oval Importer | Affected by | VCID-q7k2-h4de-aaak | None | 36.1.0 |
2025-06-07T19:56:26.796437+00:00 | Debian Oval Importer | Affected by | VCID-syg9-n9mv-aaag | None | 36.1.0 |
2025-06-07T18:35:59.513581+00:00 | Debian Oval Importer | Fixing | VCID-z7q8-uh7q-aaap | None | 36.1.0 |
2025-06-07T18:16:04.935914+00:00 | Debian Oval Importer | Fixing | VCID-thy6-umhu-aaaf | None | 36.1.0 |
2025-06-07T13:33:02.933367+00:00 | Debian Oval Importer | Fixing | VCID-v2jk-5cb5-aaah | None | 36.1.0 |
2025-04-12T22:00:08.540020+00:00 | Debian Oval Importer | Fixing | VCID-z7q8-uh7q-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
2025-04-12T21:18:11.561696+00:00 | Debian Oval Importer | Affected by | VCID-q7k2-h4de-aaak | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
2025-04-12T19:42:09.056159+00:00 | Debian Oval Importer | Fixing | VCID-thy6-umhu-aaaf | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
2025-04-12T19:11:19.264505+00:00 | Debian Oval Importer | Affected by | VCID-8tqq-98fr-aaad | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
2025-04-12T17:38:59.701264+00:00 | Debian Oval Importer | Fixing | VCID-v2jk-5cb5-aaah | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
2025-04-12T17:20:40.604304+00:00 | Debian Oval Importer | Affected by | VCID-syg9-n9mv-aaag | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
2025-04-12T15:58:29.503785+00:00 | Debian Oval Importer | Fixing | VCID-v2jk-5cb5-aaah | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
2025-04-12T15:51:33.324734+00:00 | Debian Oval Importer | Fixing | VCID-z7q8-uh7q-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
2025-04-08T04:54:15.633887+00:00 | Debian Oval Importer | Fixing | VCID-thy6-umhu-aaaf | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
2025-04-07T22:00:50.555854+00:00 | Debian Oval Importer | Affected by | VCID-8tqq-98fr-aaad | None | 36.0.0 |
2025-04-07T19:09:54.370195+00:00 | Debian Oval Importer | Affected by | VCID-q7k2-h4de-aaak | None | 36.0.0 |
2025-04-07T18:34:18.031481+00:00 | Debian Oval Importer | Affected by | VCID-syg9-n9mv-aaag | None | 36.0.0 |
2025-04-07T17:13:45.229245+00:00 | Debian Oval Importer | Fixing | VCID-z7q8-uh7q-aaap | None | 36.0.0 |
2025-04-07T16:53:33.377198+00:00 | Debian Oval Importer | Fixing | VCID-thy6-umhu-aaaf | None | 36.0.0 |
2025-04-07T12:08:28.209981+00:00 | Debian Oval Importer | Fixing | VCID-v2jk-5cb5-aaah | None | 36.0.0 |
2024-11-29T11:39:19.349025+00:00 | Debian Oval Importer | Fixing | VCID-thy6-umhu-aaaf | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 35.0.0 |
2024-10-14T18:48:57.239098+00:00 | Debian Oval Importer | Fixing | VCID-thy6-umhu-aaaf | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.2 |
2024-09-21T11:30:45.105884+00:00 | Debian Oval Importer | Fixing | VCID-thy6-umhu-aaaf | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.1 |