purl | pkg:deb/debian/rpm@4.8.1-6%2Bsqueeze2 |
Next non-vulnerable version | 4.18.0+dfsg-1+deb12u1 |
Latest non-vulnerable version | 4.18.0+dfsg-1+deb12u1 |
Risk | 4.5 |
Vulnerability | Summary | Fixed by |
---|---|---|
VCID-4jnw-qbqx-aaad (Aliases: CVE-2011-3378) | RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c. | Affected by 6 other vulnerabilities. |
VCID-8tqq-98fr-aaad (Aliases: CVE-2021-20266) | A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability. | Affected by 4 other vulnerabilities. |
VCID-jqrm-1jje-aaae (Aliases: CVE-2012-0060) | RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function. | Affected by 6 other vulnerabilities. |
VCID-p5ja-jjqu-aaae (Aliases: CVE-2012-0815) | The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison. | Affected by 6 other vulnerabilities. |
VCID-q7k2-h4de-aaak (Aliases: CVE-2021-20271) | A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability. | Affected by 4 other vulnerabilities. |
VCID-syg9-n9mv-aaag (Aliases: CVE-2021-3421) | A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha. | Affected by 4 other vulnerabilities. |
VCID-thy6-umhu-aaaf (Aliases: CVE-2012-6088) | The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 does not return an error code in certain situations involving an "unparseable signature," which allows remote attackers to bypass RPM signature checks via a crafted package. | Affected by 3 other vulnerabilities. |
VCID-v2jk-5cb5-aaah (Aliases: CVE-2013-6435) | Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory. | Affected by 6 other vulnerabilities. Affected by 3 other vulnerabilities. |
VCID-x6gr-a1xr-aaae (Aliases: CVE-2012-0061) | The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large region size in a package header. | Affected by 6 other vulnerabilities. |
VCID-z7q8-uh7q-aaap (Aliases: CVE-2014-8118) | Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow. | Affected by 6 other vulnerabilities. Affected by 3 other vulnerabilities. |
Vulnerability | Summary | Aliases |
---|---|---|
This package is not known to fix vulnerabilities. |
Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
---|---|---|---|---|---|
2025-06-21T19:07:05.216762+00:00 | Debian Oval Importer | Affected by | VCID-syg9-n9mv-aaag | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.3 |
2025-06-21T18:05:36.301737+00:00 | Debian Oval Importer | Affected by | VCID-p5ja-jjqu-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
2025-06-21T17:47:21.324313+00:00 | Debian Oval Importer | Affected by | VCID-4jnw-qbqx-aaad | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
2025-06-21T17:44:30.597235+00:00 | Debian Oval Importer | Affected by | VCID-v2jk-5cb5-aaah | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
2025-06-21T17:36:06.578474+00:00 | Debian Oval Importer | Affected by | VCID-z7q8-uh7q-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
2025-06-21T16:32:21.449003+00:00 | Debian Oval Importer | Affected by | VCID-x6gr-a1xr-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
2025-06-21T15:07:25.456364+00:00 | Debian Oval Importer | Affected by | VCID-jqrm-1jje-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
2025-06-21T13:27:58.377341+00:00 | Debian Oval Importer | Affected by | VCID-thy6-umhu-aaaf | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
2025-06-21T09:21:04.344830+00:00 | Debian Oval Importer | Affected by | VCID-v2jk-5cb5-aaah | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.1.3 |
2025-06-21T09:17:54.671641+00:00 | Debian Oval Importer | Affected by | VCID-z7q8-uh7q-aaap | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.1.3 |
2025-06-21T05:50:21.725943+00:00 | Debian Oval Importer | Affected by | VCID-8tqq-98fr-aaad | None | 36.1.3 |
2025-06-21T03:06:40.318608+00:00 | Debian Oval Importer | Affected by | VCID-q7k2-h4de-aaak | None | 36.1.3 |
2025-06-21T02:32:20.258720+00:00 | Debian Oval Importer | Affected by | VCID-syg9-n9mv-aaag | None | 36.1.3 |
2025-06-21T01:13:20.517519+00:00 | Debian Oval Importer | Affected by | VCID-z7q8-uh7q-aaap | None | 36.1.3 |
2025-06-21T00:53:43.810944+00:00 | Debian Oval Importer | Affected by | VCID-thy6-umhu-aaaf | None | 36.1.3 |
2025-06-21T00:38:27.336554+00:00 | Debian Oval Importer | Affected by | VCID-jqrm-1jje-aaae | None | 36.1.3 |
2025-06-20T23:59:52.653120+00:00 | Debian Oval Importer | Affected by | VCID-x6gr-a1xr-aaae | None | 36.1.3 |
2025-06-20T23:21:40.442790+00:00 | Debian Oval Importer | Affected by | VCID-p5ja-jjqu-aaae | None | 36.1.3 |
2025-06-20T22:46:52.841435+00:00 | Debian Oval Importer | Affected by | VCID-4jnw-qbqx-aaad | None | 36.1.3 |
2025-06-20T19:29:35.575249+00:00 | Debian Oval Importer | Affected by | VCID-v2jk-5cb5-aaah | None | 36.1.3 |
2025-06-08T11:56:02.846046+00:00 | Debian Oval Importer | Affected by | VCID-p5ja-jjqu-aaae | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
2025-06-08T11:53:53.589464+00:00 | Debian Oval Importer | Affected by | VCID-v2jk-5cb5-aaah | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
2025-06-08T11:36:09.400827+00:00 | Debian Oval Importer | Affected by | VCID-syg9-n9mv-aaag | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
2025-06-08T10:37:13.195412+00:00 | Debian Oval Importer | Affected by | VCID-p5ja-jjqu-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
2025-06-08T10:20:21.794990+00:00 | Debian Oval Importer | Affected by | VCID-4jnw-qbqx-aaad | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
2025-06-08T10:17:36.008690+00:00 | Debian Oval Importer | Affected by | VCID-v2jk-5cb5-aaah | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
2025-06-08T10:10:45.067128+00:00 | Debian Oval Importer | Affected by | VCID-z7q8-uh7q-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
2025-06-08T09:18:08.320017+00:00 | Debian Oval Importer | Affected by | VCID-x6gr-a1xr-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
2025-06-08T08:00:54.658674+00:00 | Debian Oval Importer | Affected by | VCID-jqrm-1jje-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
2025-06-08T06:22:00.735035+00:00 | Debian Oval Importer | Affected by | VCID-thy6-umhu-aaaf | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
2025-06-08T03:08:55.263633+00:00 | Debian Oval Importer | Affected by | VCID-v2jk-5cb5-aaah | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.1.0 |
2025-06-08T03:05:44.470624+00:00 | Debian Oval Importer | Affected by | VCID-z7q8-uh7q-aaap | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.1.0 |
2025-06-07T23:28:56.009978+00:00 | Debian Oval Importer | Affected by | VCID-8tqq-98fr-aaad | None | 36.1.0 |
2025-06-07T20:39:25.628693+00:00 | Debian Oval Importer | Affected by | VCID-q7k2-h4de-aaak | None | 36.1.0 |
2025-06-07T19:56:26.792368+00:00 | Debian Oval Importer | Affected by | VCID-syg9-n9mv-aaag | None | 36.1.0 |
2025-06-07T18:35:59.509874+00:00 | Debian Oval Importer | Affected by | VCID-z7q8-uh7q-aaap | None | 36.1.0 |
2025-06-07T18:16:04.932728+00:00 | Debian Oval Importer | Affected by | VCID-thy6-umhu-aaaf | None | 36.1.0 |
2025-06-07T18:01:02.964202+00:00 | Debian Oval Importer | Affected by | VCID-jqrm-1jje-aaae | None | 36.1.0 |
2025-06-07T17:22:46.410978+00:00 | Debian Oval Importer | Affected by | VCID-x6gr-a1xr-aaae | None | 36.1.0 |
2025-06-07T16:44:35.886713+00:00 | Debian Oval Importer | Affected by | VCID-p5ja-jjqu-aaae | None | 36.1.0 |
2025-06-07T16:10:47.592402+00:00 | Debian Oval Importer | Affected by | VCID-4jnw-qbqx-aaad | None | 36.1.0 |
2025-06-07T13:26:33.988903+00:00 | Debian Oval Importer | Affected by | VCID-v2jk-5cb5-aaah | None | 36.1.0 |
2025-06-03T13:25:50.285094+00:00 | Debian Oval Importer | Affected by | VCID-v2jk-5cb5-aaah | None | 36.1.2 |
2025-04-12T22:38:02.457847+00:00 | Debian Oval Importer | Affected by | VCID-4jnw-qbqx-aaad | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
2025-04-12T22:00:08.530210+00:00 | Debian Oval Importer | Affected by | VCID-z7q8-uh7q-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
2025-04-12T21:36:51.787960+00:00 | Debian Oval Importer | Affected by | VCID-jqrm-1jje-aaae | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
2025-04-12T21:18:11.551991+00:00 | Debian Oval Importer | Affected by | VCID-q7k2-h4de-aaak | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
2025-04-12T20:14:31.310809+00:00 | Debian Oval Importer | Affected by | VCID-x6gr-a1xr-aaae | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
2025-04-12T19:42:09.045177+00:00 | Debian Oval Importer | Affected by | VCID-thy6-umhu-aaaf | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
2025-04-12T19:11:19.254104+00:00 | Debian Oval Importer | Affected by | VCID-8tqq-98fr-aaad | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
2025-04-12T17:41:12.734330+00:00 | Debian Oval Importer | Affected by | VCID-p5ja-jjqu-aaae | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
2025-04-12T17:38:59.691132+00:00 | Debian Oval Importer | Affected by | VCID-v2jk-5cb5-aaah | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
2025-04-12T17:20:40.594160+00:00 | Debian Oval Importer | Affected by | VCID-syg9-n9mv-aaag | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
2025-04-12T16:18:45.355061+00:00 | Debian Oval Importer | Affected by | VCID-p5ja-jjqu-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
2025-04-12T16:01:20.992746+00:00 | Debian Oval Importer | Affected by | VCID-4jnw-qbqx-aaad | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
2025-04-12T15:58:29.492235+00:00 | Debian Oval Importer | Affected by | VCID-v2jk-5cb5-aaah | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
2025-04-12T15:51:33.315054+00:00 | Debian Oval Importer | Affected by | VCID-z7q8-uh7q-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
2025-04-08T07:50:15.028883+00:00 | Debian Oval Importer | Affected by | VCID-x6gr-a1xr-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
2025-04-08T06:33:15.240776+00:00 | Debian Oval Importer | Affected by | VCID-jqrm-1jje-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
2025-04-08T04:54:15.623963+00:00 | Debian Oval Importer | Affected by | VCID-thy6-umhu-aaaf | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
2025-04-08T01:36:12.276187+00:00 | Debian Oval Importer | Affected by | VCID-v2jk-5cb5-aaah | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.0.0 |
2025-04-08T01:32:55.065397+00:00 | Debian Oval Importer | Affected by | VCID-z7q8-uh7q-aaap | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.0.0 |
2025-04-07T22:00:50.545187+00:00 | Debian Oval Importer | Affected by | VCID-8tqq-98fr-aaad | None | 36.0.0 |
2025-04-07T19:09:54.359588+00:00 | Debian Oval Importer | Affected by | VCID-q7k2-h4de-aaak | None | 36.0.0 |
2025-04-07T18:34:18.020662+00:00 | Debian Oval Importer | Affected by | VCID-syg9-n9mv-aaag | None | 36.0.0 |
2025-04-07T17:13:45.218500+00:00 | Debian Oval Importer | Affected by | VCID-z7q8-uh7q-aaap | None | 36.0.0 |
2025-04-07T16:53:33.367470+00:00 | Debian Oval Importer | Affected by | VCID-thy6-umhu-aaaf | None | 36.0.0 |
2025-04-07T16:38:01.463437+00:00 | Debian Oval Importer | Affected by | VCID-jqrm-1jje-aaae | None | 36.0.0 |
2025-04-07T15:56:55.156703+00:00 | Debian Oval Importer | Affected by | VCID-x6gr-a1xr-aaae | None | 36.0.0 |
2025-04-07T15:17:08.184579+00:00 | Debian Oval Importer | Affected by | VCID-p5ja-jjqu-aaae | None | 36.0.0 |
2025-04-07T14:42:08.811546+00:00 | Debian Oval Importer | Affected by | VCID-4jnw-qbqx-aaad | None | 36.0.0 |
2025-04-07T12:02:05.106079+00:00 | Debian Oval Importer | Affected by | VCID-v2jk-5cb5-aaah | None | 36.0.0 |
2024-11-29T11:39:19.339110+00:00 | Debian Oval Importer | Affected by | VCID-thy6-umhu-aaaf | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 35.0.0 |
2024-11-28T19:01:05.855050+00:00 | Debian Oval Importer | Affected by | VCID-p5ja-jjqu-aaae | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 35.0.0 |
2024-11-28T17:51:43.227614+00:00 | Debian Oval Importer | Affected by | VCID-x6gr-a1xr-aaae | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 35.0.0 |
2024-11-28T17:49:53.348629+00:00 | Debian Oval Importer | Affected by | VCID-jqrm-1jje-aaae | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 35.0.0 |
2024-11-28T11:47:22.033871+00:00 | Debian Oval Importer | Affected by | VCID-4jnw-qbqx-aaad | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 35.0.0 |
2024-10-14T18:48:57.229070+00:00 | Debian Oval Importer | Affected by | VCID-thy6-umhu-aaaf | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.2 |
2024-10-14T04:20:59.166635+00:00 | Debian Oval Importer | Affected by | VCID-p5ja-jjqu-aaae | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.2 |
2024-10-14T03:31:08.994876+00:00 | Debian Oval Importer | Affected by | VCID-x6gr-a1xr-aaae | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.2 |
2024-10-14T03:29:44.736959+00:00 | Debian Oval Importer | Affected by | VCID-jqrm-1jje-aaae | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.2 |
2024-10-13T23:12:49.909868+00:00 | Debian Oval Importer | Affected by | VCID-4jnw-qbqx-aaad | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.2 |
2024-09-21T11:30:45.093456+00:00 | Debian Oval Importer | Affected by | VCID-thy6-umhu-aaaf | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.1 |
2024-09-21T05:56:26.334701+00:00 | Debian Oval Importer | Affected by | VCID-p5ja-jjqu-aaae | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.1 |
2024-09-21T05:35:11.442075+00:00 | Debian Oval Importer | Affected by | VCID-x6gr-a1xr-aaae | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.1 |
2024-09-21T05:34:28.781367+00:00 | Debian Oval Importer | Affected by | VCID-jqrm-1jje-aaae | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.1 |
2024-09-21T03:50:01.916541+00:00 | Debian Oval Importer | Affected by | VCID-4jnw-qbqx-aaad | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.1 |