Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rpm rpm vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2022-1441
MP4Box is a component of GPAC-2.0.0, which is a widely-used third-party package on RPM Fusion. When MP4Box tries to parse a MP4 file, it calls the function `diST_box_read()` to read from video. In this function, it allocates a buffer `str` with fixed length. However, content read...
Gpac Gpac 2.0.0
Debian Debian Linux 11.0
668
VMScore
CVE-2022-23132
During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID files in [/var/run/zabbix] folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permissions check on the file system level
Zabbix Zabbix 6.0.0
Zabbix Zabbix
Fedoraproject Fedora 34
Fedoraproject Fedora 35
446
VMScore
CVE-2021-44716
net/http in Go prior to 1.16.12 and 1.17.x prior to 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.
Golang Go
Debian Debian Linux 9.0
Netapp Cloud Insights Telegraf -
516
VMScore
CVE-2021-44717
Go prior to 1.16.12 and 1.17.x prior to 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.
Golang Go
Debian Debian Linux 9.0
384
VMScore
CVE-2021-36221
Go prior to 1.15.15 and 1.16.x prior to 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.
Golang Go
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Debian Debian Linux 9.0
Oracle Timesten In-memory Database
Siemens Scalance Lpe9403 Firmware
801
VMScore
CVE-2021-3198
By abusing the 'install rpm url' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0.
Ivanti Mobileiron
801
VMScore
CVE-2021-3540
By abusing the 'install rpm info detail' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0.
Ivanti Mobileiron
NA
CVE-2021-20248
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
454
VMScore
CVE-2021-3445
A flaw was found in libdnf's signature verification functionality in versions prior to 0.60.1. This flaw allows an malicious user to achieve code execution if they can alter the header information of an RPM package and then trick a user or system into installing it. The high...
Rpm Libdnf
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Redhat Enterprise Linux 8.0
383
VMScore
CVE-2021-3421
A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data...
Rpm Rpm
Redhat Enterprise Linux 8.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »