Tag

Rpm

3 briefs RSS

CVE-2026-44604: RPM rpmuncompress Command Injection Vulnerability

A command injection vulnerability (CVE-2026-44604) exists in the `rpmuncompress` utility of RPM; when extracting specially crafted ZIP, 7z, or GEM archives, an attacker can inject shell commands via a malicious top-level folder name, leading to arbitrary code execution as the user running the extraction.

RPM command-injection CVE-2026-44604 archive-extraction linux

2r 1t 1c 3w ago

high advisory

Multiple Vulnerabilities in Red Hat Hardened Images RPMs

2 rules 5 TTPs

Multiple vulnerabilities in Red Hat Hardened Images RPMs can be exploited by an attacker to bypass security measures, escalate privileges, disclose sensitive information, manipulate data, or cause a denial-of-service condition.

Hardened Images RPMs vulnerability redhat rpm privilege-escalation defense-evasion information-disclosure manipulation denial-of-service

2r 5t May 6, 2026

high advisory

pyp2spec Code Injection Vulnerability

3 rules 1 TTP

pyp2spec before 0.14.1 is vulnerable to code injection by writing PyPI package metadata into generated spec files without escaping RPM macro directives, allowing malicious packages to execute arbitrary commands on the build machine.

pyp2spec code-injection supply-chain rpm linux

3r 1t Jan 3, 2024