VYPR

RPM

by Red Hat

CVEs (2)

  • CVE-2014-8118 (Dec 16, 2014)
    risk 0.01 | cvss | epss 0.08

    Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow.

  • CVE-2010-2197 (Jun 8, 2010)
    risk 0.00 | cvss | epss 0.01

    rpmbuild in RPM 4.8.0 and earlier does not properly parse the syntax of spec files, which allows user-assisted remote attackers to remove home directories via vectors involving a ;~ (semicolon tilde) sequence in a Name tag.