Search CVE reports
21 – 26 of 26 results
rpmbuild in RPM 4.8.0 and earlier does not properly parse the syntax of spec files, which allows user-assisted remote attackers to remove home directories via vectors involving a ;~ (semicolon tilde) sequence in a Name tag.
1 affected package
rpm
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rpm | — | — | — | — |
lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local...
1 affected package
rpm
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rpm | — | — | — | — |
Heap-based buffer overflow in the showQueryPackage function in librpm in RPM Package Manager 4.4.8, when the LANG environment variable is set to ru_RU.UTF-8, might allow user-assisted attackers to execute arbitrary code via...
1 affected package
rpm
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rpm | — | — | — | — |
lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a...
1 affected package
rpm
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rpm | — | — | — | — |
Some fixes available 19 of 21
zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as...
9 affected packages
aide, bacula, dpkg, dump, ia32-libs...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| aide | — | — | — | — |
| bacula | — | — | — | — |
| dpkg | — | — | — | — |
| dump | — | — | — | — |
| ia32-libs | — | — | — | — |
| rpm | — | — | — | — |
| sash | — | — | — | — |
| zlib | — | — | — | — |
| zsync | — | — | — | — |
inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced.
6 affected packages
rpm, sash, aide, dpkg, ia32-libs, zlib
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rpm | — | — | — | — |
| sash | — | — | — | — |
| aide | — | — | — | — |
| dpkg | — | — | — | — |
| ia32-libs | — | — | — | — |
| zlib | — | — | — | — |