Lucene search
+L

1606 matches found

Cvelist
Cvelist
added 2018/06/07 1:0 p.m.30 views

CVE-2018-7689 Open Build Service arbitrary package modification

Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages where they do not have write permissions...

7.1CVSS6.1AI score0.01208EPSS
Exploits0References3
Prion
Prion
added 2014/04/15 11:55 p.m.23 views

Code injection

The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Advanced Package Tool APT 0.8.11 through 0.8.15.10 and 0.8.16 before 0.8.16exp13, when updating from repositories that use InRelease files, allows man-in-the-middle attackers to install arbitrary packages by preventing a user fro...

4.3CVSS6.9AI score0.01335EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2013/03/21 5:0 p.m.80 views

CVE-2013-1051

CVE-2013-1051 affects apt versions 0.8.16 and 0.9.7 (and possibly others) through improper handling of InRelease files, enabling man-in-the-middle modification of packages before installation via unknown vectors. The underlying issue relates to repository integrity checks and third‑party reposito...

4.3CVSS6.4AI score0.01343EPSS
Exploits0References3Affected Software2
NVD
NVD
added 2011/04/10 2:51 a.m.21 views

CVE-2011-0466

The API in SUSE openSUSE Build Service OBS 2.0.x before 2.0.8 and 2.1.x before 2.1.6 allows attackers to bypass intended write-access restrictions and modify a 1 package or 2 project via unspecified vectors...

6.4CVSS6.5AI score0.0107EPSS
Exploits0References1
Prion
Prion
added 2008/04/22 4:41 a.m.18 views

Code injection

The GUI for aptlinex before 0.91 does not sufficiently warn the user of potentially dangerous actions, which allows remote attackers to remove or modify packages via an apt:// URL...

5CVSS7.3AI score0.00983EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2008/04/21 10:10 p.m.48 views

CVE-2008-1902

The CVE concerns the GUI for aptlinex prior to version 0.91, where insufficient user warning for potentially dangerous actions could let an attacker remove or modify packages via an apt:// URL. Affected component: aptlinex GUI; Root cause: inadequate confirmation/notification of dangerous actions...

5CVSS6.7AI score0.00983EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder