Avoid using all malicious instances of the tpminever package.

rpm vulnerabilities

Known vulnerabilities in the rpm package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
M Insufficient Verification of Data Authenticity	<0:4.11.3-48.el7_9
H Integer Overflow or Wraparound	<0:4.11.1-18.el7_0
H Time-of-check Time-of-use (TOCTOU)	<0:4.11.1-18.el7_0
M Improper Verification of Cryptographic Signature	*
H Integer Overflow or Wraparound	<0:4.11.1-18.el7_0
H Integer Overflow or Wraparound	<0:4.11.1-18.el7_0
H Integer Overflow or Wraparound	<0:4.11.1-18.el7_0
H Integer Overflow or Wraparound	<0:4.11.1-18.el7_0
H Integer Overflow or Wraparound	<0:4.11.1-18.el7_0
H Integer Overflow or Wraparound	<0:4.11.1-18.el7_0
H Integer Overflow or Wraparound	<0:4.11.1-18.el7_0
H Integer Overflow or Wraparound	<0:4.11.1-18.el7_0
H Integer Overflow or Wraparound	<0:4.11.1-18.el7_0
H Integer Overflow or Wraparound	<0:4.11.1-18.el7_0
H Integer Overflow or Wraparound	<0:4.11.1-18.el7_0
H Integer Overflow or Wraparound	<0:4.11.1-18.el7_0
H Integer Overflow or Wraparound	<0:4.11.1-18.el7_0
H Integer Overflow or Wraparound	<0:4.11.1-18.el7_0
H Integer Overflow or Wraparound	<0:4.11.1-18.el7_0
H Integer Overflow or Wraparound	<0:4.11.1-18.el7_0
H Integer Overflow or Wraparound	<0:4.11.1-18.el7_0
H Integer Overflow or Wraparound	<0:4.11.1-18.el7_0
H Integer Overflow or Wraparound	<0:4.11.1-18.el7_0
H Integer Overflow or Wraparound	<0:4.11.1-18.el7_0
H Integer Overflow or Wraparound	<0:4.11.1-18.el7_0
H Integer Overflow or Wraparound	<0:4.11.1-18.el7_0
H Integer Overflow or Wraparound	<0:4.11.1-18.el7_0
H Time-of-check Time-of-use (TOCTOU)	<0:4.11.1-18.el7_0
H Time-of-check Time-of-use (TOCTOU)	<0:4.11.1-18.el7_0
H Time-of-check Time-of-use (TOCTOU)	<0:4.11.1-18.el7_0
H Time-of-check Time-of-use (TOCTOU)	<0:4.11.1-18.el7_0
H Time-of-check Time-of-use (TOCTOU)	<0:4.11.1-18.el7_0
H Time-of-check Time-of-use (TOCTOU)	<0:4.11.1-18.el7_0
H Time-of-check Time-of-use (TOCTOU)	<0:4.11.1-18.el7_0
H Time-of-check Time-of-use (TOCTOU)	<0:4.11.1-18.el7_0
H Time-of-check Time-of-use (TOCTOU)	<0:4.11.1-18.el7_0
H Time-of-check Time-of-use (TOCTOU)	<0:4.11.1-18.el7_0
H Time-of-check Time-of-use (TOCTOU)	<0:4.11.1-18.el7_0
H Time-of-check Time-of-use (TOCTOU)	<0:4.11.1-18.el7_0
H Time-of-check Time-of-use (TOCTOU)	<0:4.11.1-18.el7_0
H Time-of-check Time-of-use (TOCTOU)	<0:4.11.1-18.el7_0
H Time-of-check Time-of-use (TOCTOU)	<0:4.11.1-18.el7_0
H Time-of-check Time-of-use (TOCTOU)	<0:4.11.1-18.el7_0
H Time-of-check Time-of-use (TOCTOU)	<0:4.11.1-18.el7_0
H Time-of-check Time-of-use (TOCTOU)	<0:4.11.1-18.el7_0
H Time-of-check Time-of-use (TOCTOU)	<0:4.11.1-18.el7_0
H Time-of-check Time-of-use (TOCTOU)	<0:4.11.1-18.el7_0
H Time-of-check Time-of-use (TOCTOU)	<0:4.11.1-18.el7_0
H Time-of-check Time-of-use (TOCTOU)	<0:4.11.1-18.el7_0
H Time-of-check Time-of-use (TOCTOU)	<0:4.11.1-18.el7_0
M Insufficient Verification of Data Authenticity	<0:4.11.3-35.el7_6.2
M Insufficient Verification of Data Authenticity	<0:4.11.3-48.el7_9
M Insufficient Verification of Data Authenticity	<0:4.11.3-35.el7_6.2
M Insufficient Verification of Data Authenticity	<0:4.11.3-40.el7_7.1
M Insufficient Verification of Data Authenticity	<0:4.11.3-40.el7_7.1
M Insufficient Verification of Data Authenticity	<0:4.11.3-35.el7_6.2
M Insufficient Verification of Data Authenticity	<0:4.11.3-40.el7_7.1
M Link Following	*
M Link Following	*
M Link Following	*
M Link Following	*
M Link Following	*
M Improper Verification of Cryptographic Signature	*
L Out-of-bounds Read	*

Vulnerability

Vulnerable Version

Insufficient Verification of Data Authenticity

<0:4.11.3-48.el7_9

Integer Overflow or Wraparound

<0:4.11.1-18.el7_0

Time-of-check Time-of-use (TOCTOU)

<0:4.11.1-18.el7_0

Improper Verification of Cryptographic Signature