VulnerableCode Package Details - pkg:deb/debian/rpm@4.8.1-6%2Bsqueeze1

Search for packages

Package details: pkg:deb/debian/rpm@4.8.1-6%2Bsqueeze1

Essentials
History (15)

purl	pkg:deb/debian/rpm@4.8.1-6%2Bsqueeze1

Next non-vulnerable version	4.18.0+dfsg-1+deb12u1
Latest non-vulnerable version	4.18.0+dfsg-1+deb12u1
Risk	3.1

Vulnerabilities affecting this package (10)

Vulnerability	Summary	Fixed by
VCID-1gkq-3yfu-fke8 Aliases: CVE-2021-20266	A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.	4.16.1.2+dfsg1-3 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-bd69-cfzq-c7ed Aliases: CVE-2021-3421	A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha.	4.16.1.2+dfsg1-3 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-faq3-97ja-9kc2 Aliases: CVE-2014-8118		4.10.0-5+deb7u2 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.11.3-1.1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-r3dj-w6tw-rufb Aliases: CVE-2013-6435		4.10.0-5+deb7u2 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.11.3-1.1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-shux-h5z9-hfap Aliases: CVE-2012-6088		4.11.3-1.1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-t7hy-4jyx-vqev Aliases: CVE-2012-0815		4.10.0-5+deb7u2 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-tsdq-9jj9-duh5 Aliases: CVE-2012-0061		4.10.0-5+deb7u2 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-u2a5-3kdz-1kbm Aliases: CVE-2011-3378		4.10.0-5+deb7u2 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-uktq-tttc-gygm Aliases: CVE-2012-0060		4.10.0-5+deb7u2 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-y63j-ybs2-mfc9 Aliases: CVE-2021-20271	A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.	4.16.1.2+dfsg1-3 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (3)

Vulnerability	Summary	Aliases
VCID-axb5-4uah-z7hb	rpm: fails to drop SUID/SGID bits on package removal	CVE-2005-4889
VCID-she7-1zqn-8fbu	rpm: rpmbuild does not properly parse syntax of spec files	CVE-2010-2197
VCID-ubtm-4xj4-qybr	rpm: fails to drop SUID/SGID bits on package upgrade	CVE-2010-2059

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T20:14:39.928781+00:00	Debian Oval Importer	Affected by	VCID-u2a5-3kdz-1kbm	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T19:22:38.360934+00:00	Debian Oval Importer	Affected by	VCID-faq3-97ja-9kc2	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T18:51:30.101618+00:00	Debian Oval Importer	Affected by	VCID-uktq-tttc-gygm	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T18:26:33.275410+00:00	Debian Oval Importer	Affected by	VCID-y63j-ybs2-mfc9	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T18:13:12.591763+00:00	Debian Oval Importer	Fixing	VCID-she7-1zqn-8fbu	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T17:25:11.939967+00:00	Debian Oval Importer	Fixing	VCID-axb5-4uah-z7hb	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T17:02:00.372421+00:00	Debian Oval Importer	Affected by	VCID-tsdq-9jj9-duh5	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T16:19:01.419175+00:00	Debian Oval Importer	Affected by	VCID-shux-h5z9-hfap	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T15:37:51.704696+00:00	Debian Oval Importer	Affected by	VCID-1gkq-3yfu-fke8	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T14:48:46.814467+00:00	Debian Oval Importer	Fixing	VCID-ubtm-4xj4-qybr	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T13:37:24.217625+00:00	Debian Oval Importer	Affected by	VCID-t7hy-4jyx-vqev	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T13:34:25.786690+00:00	Debian Oval Importer	Affected by	VCID-r3dj-w6tw-rufb	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T13:10:13.499990+00:00	Debian Oval Importer	Affected by	VCID-bd69-cfzq-c7ed	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T09:42:34.712146+00:00	Debian Oval Importer	Affected by	VCID-r3dj-w6tw-rufb	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	37.0.0
2025-08-01T09:39:14.518013+00:00	Debian Oval Importer	Affected by	VCID-faq3-97ja-9kc2	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	37.0.0