Lucene search
K

36 matches found

OSV
OSV
added 2026/05/04 9:27 p.m.7 views

GHSA-HCWR-PQ9G-RQ3M apko doesn't verify downloaded apk packages against APKINDEX checksum (package substitution possible)

apko verifies the signature on APKINDEX.tar.gz but never compares individually downloaded .apk packages against the checksum recorded in the signed index. The checksum is parsed and available via ChecksumString, and the downloaded package control hash is computed, but the two values are never...

7.5CVSS5.9AI score0.00159EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2002-2183

Malware in sbrugna...

7.5CVSS6.4AI score0.01532EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-8120

Malware in sbrugna...

7.8CVSS7.5AI score0.00713EPSS
Exploits1References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-20742

Malware in sbrugna...

7.6CVSS6.9AI score0.00803EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2002-2339

Malware in sbrugna...

5.8CVSS6.4AI score0.01205EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/01/04 9:31 a.m.17 views

CVE-2022-3864

A vulnerability exists in the Relion update package signature validation. A tampered update package could cause the IED to restart. After restart the device is back to normal operation. An attacker could exploit the vulnerability by first gaining access to the system with security privileges and...

4.5CVSS6.8AI score0.00353EPSS
Exploits0References1
Prion
Prion
added 2022/08/17 10:15 p.m.21 views

Design/Logic Flaw

The Zoom Client for Meetings for MacOS Standard and for IT Admin before version 5.11.3 contains a vulnerability in the package signature validation during the update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root...

4.3CVSS7.6AI score0.0014EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/07/14 9:34 a.m.1 views

OPENSUSE-SU-2022:1157-1 Security update for libsolv, libzypp, zypper

This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks bsc1184501. libsolv update to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLEPREREQIGNOREINST in the ordering code bsc1196514 - support...

7.3AI score
Exploits0References10
OSV
OSV
added 2022/07/14 9:34 a.m.1 views

SUSE-SU-2022:1157-2 Security update for libsolv, libzypp, zypper

This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks bsc1184501. libsolv update to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLEPREREQIGNOREINST in the ordering code bsc1196514 - support...

7.3AI score
Exploits0References10
OpenVAS
OpenVAS
added 2022/05/17 12:0 a.m.7 views

openSUSE: Security Advisory for libsolv, (SUSE-SU-2022:1157-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
OSV
OSV
added 2022/04/12 11:26 a.m.2 views

SUSE-SU-2022:1157-1 Security update for libsolv, libzypp, zypper

This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks bsc1184501. libsolv update to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLEPREREQIGNOREINST in the ordering code bsc1196514 - support...

7.3AI score
Exploits0References10
OpenVAS
OpenVAS
added 2022/04/11 12:0 a.m.8 views

SUSE: Security Advisory (SUSE-SU-2022:1131-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References12
OSV
OSV
added 2022/04/08 7:44 a.m.2 views

SUSE-SU-2022:1131-1 Security update for libsolv, libzypp, zypper

This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks bsc1184501. libsolv to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLEPREREQIGNOREINST in the ordering code bsc1196514 - support parsin...

7.3AI score
Exploits0References10
OSV
OSV
added 2022/04/08 7:43 a.m.1 views

SUSE-SU-2022:1130-1 Security update for libsolv, libzypp, zypper

This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks bsc1184501. libsolv to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLEPREREQIGNOREINST in the ordering code bsc1196514 - support parsin...

7.3AI score
Exploits0References10
OSV
OSV
added 2022/04/07 2:19 p.m.3 views

SUSE-SU-2022:1128-1 Security update for libsolv, libzypp

This update for libsolv, libzypp fixes the following issues: libsolv to 0.6.39: - fix memory leaks in SWIG generated code - fix misparsing of '&' in attributes with libxml2 - try to keep packages from a cycle close togther in the transaction order bsc1189622 - fix split provides not working if th...

7.2AI score
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/07/20 10:25 p.m.3 views

rpm: Signature checks bypass via corrupted rpm package

A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from th...

7CVSS7.4AI score0.00827EPSS
Exploits0References4
OSV
OSV
added 2021/03/26 5:15 p.m.1 views

DEBIAN-CVE-2021-20271

A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from th...

7CVSS7.3AI score0.00827EPSS
Exploits0References1
OSV
OSV
added 2021/03/26 5:15 p.m.4 views

UBUNTU-CVE-2021-20271

A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from th...

7CVSS7.1AI score0.00827EPSS
Exploits0References4
NVD
NVD
added 2021/01/13 8:15 p.m.19 views

CVE-2020-27488

Loxone Miniserver devices with firmware before 11.1 aka 11.1.9.3 are unable to use an authentication method that is based on the "signature of the update package." Therefore, these devices or attackers who are spoofing these devices can continue to use an unauthenticated cloud service for an...

9.8CVSS9.7AI score0.01962EPSS
Exploits1References4
OSV
OSV
added 2021/01/13 8:15 p.m.3 views

CVE-2020-27488

Loxone Miniserver devices with firmware before 11.1 aka 11.1.9.3 are unable to use an authentication method that is based on the "signature of the update package." Therefore, these devices or attackers who are spoofing these devices can continue to use an unauthenticated cloud service for an...

9.8CVSS7.3AI score0.01962EPSS
Exploits1References4
Rows per page
Query Builder