Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

rpm rpm 4.10.0 vulnerabilities and exploits

(subscribe to this query)
4.3
CVSSv2
CVE-2012-6088
The rpmpkgRead function in lib/package.c in RPM 4.10.x prior to 4.10.2 does not return an error code in certain situations involving an "unparseable signature," which allows remote malicious users to bypass RPM signature checks via a crafted package.
Rpm Rpm 4.10.0Rpm Rpm 4.10.1
10
CVSSv2
CVE-2014-8118
Integer overflow in RPM 4.12 and previous versions allows remote malicious users to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow.
Rpm Rpm 2.3.5Rpm Rpm 4.4.2.1Rpm Rpm 1.4.3Rpm Rpm 3.0.1Rpm Rpm 4.1Rpm Rpm 2.2.3.11Rpm Rpm 4.8.0Rpm Rpm 2.4.4Rpm Rpm 2.3.8Rpm Rpm 2.0.6Rpm Rpm 1.4.4Rpm Rpm 1.4.2\\/aRpm Rpm 2.4.1Rpm Rpm 2.4.9Rpm Rpm 2.6.7Rpm Rpm 1.4Rpm Rpm 2.0.10Rpm Rpm 2.4.5Rpm Rpm 4.9.0Rpm Rpm 4.0.1Rpm Rpm 4.9.1.2Rpm Rpm 2.2.11
7.6
CVSSv2
CVE-2013-6435
Race condition in RPM 4.11.1 and previous versions allows remote malicious users to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d d...
Rpm Rpm 2.3.5Rpm Rpm 4.4.2.1Rpm Rpm 1.4.3Rpm Rpm 3.0.1Rpm Rpm 4.1Rpm Rpm 2.2.3.11Rpm Rpm 4.8.0Rpm Rpm 2.4.4Rpm Rpm 2.3.8Rpm Rpm 2.0.6Rpm Rpm 1.4.4Rpm Rpm 1.4.2\\/aRpm Rpm 2.4.1Rpm Rpm 2.4.9Rpm Rpm 2.6.7Rpm Rpm 1.4Rpm Rpm 2.0.10Rpm Rpm 2.4.5Rpm Rpm 4.9.0Rpm Rpm 4.0.1Rpm Rpm 4.9.1.2Rpm Rpm 2.2.11
4.3
CVSSv2
CVE-2021-36221
Go prior to 1.15.15 and 1.16.x prior to 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.
Golang GoFedoraproject Fedora 33Fedoraproject Fedora 34Fedoraproject Fedora 35Debian Debian Linux 9.0Oracle Timesten In-memory DatabaseSiemens Scalance Lpe9403 Firmware
5.8
CVSSv2
CVE-2021-44717
Go prior to 1.16.12 and 1.17.x prior to 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.
Golang GoDebian Debian Linux 9.0
NA
CVE-2021-43565
The x/crypto/ssh package prior to 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an malicious user to panic an SSH server.
Golang Ssh
5
CVSSv2
CVE-2021-44716
net/http in Go prior to 1.16.12 and 1.17.x prior to 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.
Golang GoDebian Debian Linux 9.0Netapp Cloud Insights Telegraf -
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-3400deserializationCVE-2024-21788CVE-2023-42433CVE-2024-21841CVE-2024-22095local file inclusionmemory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook