Redhat: >> Redhat Package Manager Security Vulnerabilities
The default --checksig setting in RPM Package Manager 4.0.4 checks that a package's signature is valid without listing who signed it, which can allow remote attackers to make it appear that a malicious package comes from a trusted source.
CVSS Score
7.5
EPSS Score
0.007
Published
2002-12-31
RPM Package Manager 4.0.x through 4.0.2.x allows an attacker to execute arbitrary code via corrupted data in the RPM file when the file is queried.
CVSS Score
7.2
EPSS Score
0.001
Published
2001-10-25