36 matches found
GHSA-HCWR-PQ9G-RQ3M apko doesn't verify downloaded apk packages against APKINDEX checksum (package substitution possible)
apko verifies the signature on APKINDEX.tar.gz but never compares individually downloaded .apk packages against the checksum recorded in the signed index. The checksum is parsed and available via ChecksumString, and the downloaded package control hash is computed, but the two values are never...
EUVD-2002-2183
Malware in sbrugna...
EUVD-2020-8120
Malware in sbrugna...
EUVD-2018-20742
Malware in sbrugna...
EUVD-2002-2339
Malware in sbrugna...
CVE-2022-3864
A vulnerability exists in the Relion update package signature validation. A tampered update package could cause the IED to restart. After restart the device is back to normal operation. An attacker could exploit the vulnerability by first gaining access to the system with security privileges and...
Design/Logic Flaw
The Zoom Client for Meetings for MacOS Standard and for IT Admin before version 5.11.3 contains a vulnerability in the package signature validation during the update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root...
OPENSUSE-SU-2022:1157-1 Security update for libsolv, libzypp, zypper
This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks bsc1184501. libsolv update to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLEPREREQIGNOREINST in the ordering code bsc1196514 - support...
SUSE-SU-2022:1157-2 Security update for libsolv, libzypp, zypper
This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks bsc1184501. libsolv update to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLEPREREQIGNOREINST in the ordering code bsc1196514 - support...
openSUSE: Security Advisory for libsolv, (SUSE-SU-2022:1157-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2022:1157-1 Security update for libsolv, libzypp, zypper
This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks bsc1184501. libsolv update to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLEPREREQIGNOREINST in the ordering code bsc1196514 - support...
SUSE: Security Advisory (SUSE-SU-2022:1131-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2022:1131-1 Security update for libsolv, libzypp, zypper
This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks bsc1184501. libsolv to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLEPREREQIGNOREINST in the ordering code bsc1196514 - support parsin...
SUSE-SU-2022:1130-1 Security update for libsolv, libzypp, zypper
This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks bsc1184501. libsolv to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLEPREREQIGNOREINST in the ordering code bsc1196514 - support parsin...
SUSE-SU-2022:1128-1 Security update for libsolv, libzypp
This update for libsolv, libzypp fixes the following issues: libsolv to 0.6.39: - fix memory leaks in SWIG generated code - fix misparsing of '&' in attributes with libxml2 - try to keep packages from a cycle close togther in the transaction order bsc1189622 - fix split provides not working if th...
rpm: Signature checks bypass via corrupted rpm package
A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from th...
DEBIAN-CVE-2021-20271
A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from th...
UBUNTU-CVE-2021-20271
A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from th...
CVE-2020-27488
Loxone Miniserver devices with firmware before 11.1 aka 11.1.9.3 are unable to use an authentication method that is based on the "signature of the update package." Therefore, these devices or attackers who are spoofing these devices can continue to use an unauthenticated cloud service for an...
CVE-2020-27488
Loxone Miniserver devices with firmware before 11.1 aka 11.1.9.3 are unable to use an authentication method that is based on the "signature of the update package." Therefore, these devices or attackers who are spoofing these devices can continue to use an unauthenticated cloud service for an...