1606 matches found
CVE-2018-7689 Open Build Service arbitrary package modification
Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages where they do not have write permissions...
Code injection
The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Advanced Package Tool APT 0.8.11 through 0.8.15.10 and 0.8.16 before 0.8.16exp13, when updating from repositories that use InRelease files, allows man-in-the-middle attackers to install arbitrary packages by preventing a user fro...
CVE-2013-1051
CVE-2013-1051 affects apt versions 0.8.16 and 0.9.7 (and possibly others) through improper handling of InRelease files, enabling man-in-the-middle modification of packages before installation via unknown vectors. The underlying issue relates to repository integrity checks and third‑party reposito...
CVE-2011-0466
The API in SUSE openSUSE Build Service OBS 2.0.x before 2.0.8 and 2.1.x before 2.1.6 allows attackers to bypass intended write-access restrictions and modify a 1 package or 2 project via unspecified vectors...
Code injection
The GUI for aptlinex before 0.91 does not sufficiently warn the user of potentially dangerous actions, which allows remote attackers to remove or modify packages via an apt:// URL...
CVE-2008-1902
The CVE concerns the GUI for aptlinex prior to version 0.91, where insufficient user warning for potentially dangerous actions could let an attacker remove or modify packages via an apt:// URL. Affected component: aptlinex GUI; Root cause: inadequate confirmation/notification of dangerous actions...