Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 11:27 a.m.10 views

CVE-2013-3704

The RPM GPG key import and handling feature in libzypp 12.15.0 and earlier reports a different key fingerprint than the one used to sign a repository when multiple key blobs are used, which might allow remote attackers to trick users into believing that the repository was signed by a...

4.3CVSS7AI score0.01533EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.18 views

openSUSE Security Update : libzypp (openSUSE-SU-2013:1432-1)

libzypp was adjusted to enhance the RPM GPG key import/handling to avoid a problem with multiple key blobs. Attackers able to supplying a repository could let the packagemanager show another keys fingerprint while a second one was actually used to sign the repository CVE-2013-3704. %NASLMINLEVEL...

4.3CVSS5.4AI score0.01533EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.21 views

openSUSE Security Update : libzypp (openSUSE-SU-2013:1433-1)

libzypp was adjusted to enhance the RPM GPG key import/handling to avoid a problem with multiple key blobs. Attackers able to supplying a repository could let the packagemanager show another keys fingerprint while a second one was actually used to sign the repository CVE-2013-3704. %NASLMINLEVEL...

4.3CVSS5.4AI score0.01533EPSS
Exploits0References3
CVE
CVE
added 2013/10/28 10:0 p.m.54 views

CVE-2013-3704

CVE-2013-3704 affects the RPM GPG key import/handling in libzypp up to version 12.15.0. When multiple key blobs are used, the signature fingerprint presented to users could differ from the repository’s actual signing key, potentially enabling an attacker to mislead users into trusting a signed re...

4.3CVSS6.8AI score0.01533EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder