rpm-build (AlmaLinux:8) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the AlmaLinux:8 package rpm-build, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (5)
CVE-2021-35938 — CVSS 6.7 (medium): A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local…
CVE-2021-35939 — CVSS 6.7 (medium): It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of…
CVE-2021-35937 — CVSS 6.4 (medium): A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in…
CVE-2021-20266 — CVSS 4.9 (medium): A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds…
CVE-2021-3521 — CVSS 4.7 (medium): There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature." RPM does not…