VYPR
Vendor

Rpm Software Management

Products
4
CVEs
3
Across products
3
Status
Private

Products

4

Recent CVEs

3
  • CVE-2024-2746HigMay 8, 2024
    risk 0.57cvss 8.8epss 0.00

    Incomplete fix for CVE-2024-1929 The problem with CVE-2024-1929 was that the dnf5 D-Bus daemon accepted arbitrary configuration parameters from unprivileged users, which allowed a local root exploit by tricking the daemon into loading a user controlled "plugin". All of this…

  • CVE-2016-6299HigApr 14, 2017
    risk 0.51cvss 7.8epss 0.02

    The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file.

  • CVE-2021-35938MedAug 25, 2022
    risk 0.00cvss 6.7epss 0.00

    A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their…