Lucene search
K

256 matches found

Prion
Prion
added 2018/03/01 8:29 p.m.22 views

Code injection

In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to silently downgrade to unsigned repositories with potential malicious content...

7.5CVSS6.8AI score0.0229EPSS
Exploits0References3
NVD
NVD
added 2018/03/01 8:29 p.m.24 views

CVE-2017-7436

In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system...

9.3CVSS7.9AI score0.01843EPSS
Exploits0References3
NVD
NVD
added 2018/03/01 8:29 p.m.25 views

CVE-2017-7435

In libzypp before 20170803 it was possible to add unsigned YUM repositories without warning to the user that could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system...

9.3CVSS8.3AI score0.01843EPSS
Exploits0References3
OSV
OSV
added 2018/03/01 8:29 p.m.2 views

UBUNTU-CVE-2017-7436

In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system...

8.1CVSS7.2AI score0.01843EPSS
Exploits0References2
OSV
OSV
added 2018/03/01 8:29 p.m.22 views

CVE-2017-7435

In libzypp before 20170803 it was possible to add unsigned YUM repositories without warning to the user that could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system...

8.1CVSS8.2AI score0.01843EPSS
Exploits0References3
OSV
OSV
added 2018/03/01 8:29 p.m.1 views

DEBIAN-CVE-2017-7435

In libzypp before 20170803 it was possible to add unsigned YUM repositories without warning to the user that could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system...

8.1CVSS8.5AI score0.01843EPSS
Exploits0References1
OSV
OSV
added 2018/03/01 8:29 p.m.0 views

DEBIAN-CVE-2017-9269

In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to silently downgrade to unsigned repositories with potential malicious content...

9.8CVSS6.9AI score0.0229EPSS
Exploits0References1
OSV
OSV
added 2018/03/01 8:29 p.m.1 views

DEBIAN-CVE-2017-7436

In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system...

8.1CVSS6.8AI score0.01843EPSS
Exploits0References1
CVE
CVE
added 2018/03/01 7:0 p.m.83 views

CVE-2017-9269

CVE-2017-9269 affects libzypp; before Aug 2018 GPG keys attached to YUM repositories were not properly pinned, allowing malicious mirrors to downgrade to unsigned repos with potentially malicious content. The issue originates from improper key pinning rather than repository signing verification. ...

9.8CVSS6.6AI score0.0229EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2018/03/01 7:0 p.m.23 views

CVE-2017-7436 libzypp accepts unsigned packages even when configured to check signatures

In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system...

8.1CVSS8.7AI score0.01843EPSS
Exploits0References3
CVE
CVE
added 2018/03/01 7:0 p.m.83 views

CVE-2017-7436

CVE-2017-7436 concerns a flaw in libzypp prior to 20170803 where unsigned packages could be retrieved without a user warning, enabling potential MITM or malicious servers to inject RPMs. The impact described in the accompanying advisories is high (CVE-2017-7436) with risk to package integrity and...

9.3CVSS8.7AI score0.01843EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2018/03/01 7:0 p.m.30 views

CVE-2017-9269 lack of keypinning in libzypp could lead to repository switching

In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to silently downgrade to unsigned repositories with potential malicious content...

7.7CVSS9.4AI score0.0229EPSS
Exploits0References3
CVE
CVE
added 2018/03/01 7:0 p.m.86 views

CVE-2017-7435

CVE-2017-7435 affects libzypp (before 20170803). The issue allows adding unsigned YUM repositories without user warning, creating a vector for man‑in‑the‑middle or malicious servers to inject unsigned RPMs. Connected advisories show the fix being addressed in SUSE’s libzypp/zypper security update...

9.3CVSS6.4AI score0.01843EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2018/03/01 7:0 p.m.24 views

CVE-2017-7435 libzypp accepts unsigned 3rd party repo without warning

In libzypp before 20170803 it was possible to add unsigned YUM repositories without warning to the user that could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system...

8.1CVSS8.6AI score0.01843EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2018/03/01 7:0 p.m.28 views

CVE-2017-7436

In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system...

9.3CVSS8.8AI score0.01843EPSS
Exploits0
Debian CVE
Debian CVE
added 2018/03/01 7:0 p.m.43 views

CVE-2017-9269

In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to silently downgrade to unsigned repositories with potential malicious content...

9.8CVSS8.8AI score0.0229EPSS
Exploits0
OpenVAS
OpenVAS
added 2017/09/06 12:0 a.m.25 views

openSUSE: Security Advisory for libzypp (openSUSE-SU-2017:2370-1)

The remote host is missing an update for the Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.3CVSS9AI score0.01843EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2017/09/06 12:0 a.m.34 views

openSUSE Security Update : libzypp / zypper (openSUSE-2017-1009)

The Software Update Stack was updated to receive fixes and enhancements. libzypp : - Adapt to work with GnuPG 2.1.23. bsc1054088 - Support signing with subkeys. bsc1008325 - Enhance sort order for media.1/products. bsc1054671 zypper : - Also show a gpg key's subkeys. bsc1008325 - Improve signatur...

9.3CVSS8AI score0.01843EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2017/09/05 12:0 a.m.25 views

SUSE SLED12 / SLES12 Security Update : libzypp, zypper (SUSE-SU-2017:2344-1)

The Software Update Stack was updated to receive fixes and enhancements. libzypp : - Adapt to work with GnuPG 2.1.23. bsc1054088 - Support signing with subkeys. bsc1008325 - Enhance sort order for media.1/products. bsc1054671 zypper : - Also show a gpg key's subkeys. bsc1008325 - Improve signatur...

9.3CVSS8AI score0.01843EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2017/09/05 12:0 a.m.44 views

openSUSE Security Update : libzypp (openSUSE-2017-989)

The Software Update Stack was updated to receive fixes and enhancements. libzypp : - CVE-2017-7435, CVE-2017-7436, CVE-2017-9269: Fix GPG check workflows, mainly for unsigned repositories and packages. bsc1045735, bsc1038984 - Fix gpg-pubkey release creation time computation. bsc1036659 - Update...

9.8CVSS8.1AI score0.0229EPSS
Exploits0References11
Rows per page
Query Builder