57 matches found
PT-2020-11372 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions 8.0 Description: A time-of-check time-of-use vulnerability in the onCreate method of InstallStart.java could allow for a package validation bypass. This issue may lead to local escalation of privilege without requiring...
CVE-2019-5226
P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193C00E190R2P1, versions earlier than VOGUE-AL00A 9.1.0.193C00E190R2P1, versions earlier than Hima-AL00B 9.1.0.135C00E133R2P1 and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade...
Xorux Lpar2RRD and Stor2RRD Operating System Command Injection Vulnerability
Bash is a shell command language interpreter written for the GNU Project and running on Unix-like operating systems by American software developer Brian J. Fox. It can read and execute commands from standard input devices or files. An operating system command injection vulnerability exists in Xor...
Multiple Huawei Product Version Downgrade Vulnerabilities (CNVD-2019-30711)
Huawei P30 and others are products of Huawei, a Chinese company.Huawei P30 is a smartphone.Huawei P30 Pro is a smartphone.Huawei HiSuite is a cell phone assistant application for PCs.Huawei P30 Pro is a smartphone.Huawei P30 Pro is a smartphone.Huawei P30 Pro is a smartphone.Huawei P30 Pro is a...
Multiple Huawei product version downgrade vulnerability
Huawei P30 and others are products of Huawei, a Chinese company.Huawei P30 is a smartphone.Huawei P30 Pro is a smartphone.Huawei HiSuite is a cell phone assistant application for PCs.Huawei P30 Pro is a smartphone.Huawei P30 Pro is a smartphone.Huawei P30 Pro is a smartphone.Huawei P30 Pro is a...
SUSE-SU-2018:2716-2 Security update for libzypp, zypper
This update for libzypp, zypper provides the following fixes: Update libzypp to version 16.17.20 Security issues fixed: - PackageProvider: Validate delta rpms before caching bsc1091624, bsc1088705, CVE-2018-7685 - PackageProvider: Validate downloaded rpm package signatures before caching...
SUSE SLED12 / SLES12 Security Update : libzypp, zypper (SUSE-SU-2018:2814-1)
This update for libzypp, zypper fixes the following issues : Update libzypp to version 16.17.20 : Security issues fixed : PackageProvider: Validate deta rpms before caching bsc1091624, bsc1088705, CVE-2018-7685 PackageProvider: Validate downloaded rpm package signatures before caching bsc1091624,...
SUSE SLES12 Security Update : libzypp, zypper (SUSE-SU-2018:2716-1)
This update for libzypp, zypper provides the following fixes : Update libzypp to version 16.17.20 Security issues fixed : PackageProvider: Validate delta rpms before caching bsc1091624, bsc1088705, CVE-2018-7685 PackageProvider: Validate downloaded rpm package signatures before caching bsc1091624...
SUSE-SU-2018:2690-1 Security update for libzypp, zypper
This update for libzypp, zypper, libsolv provides the following fixes: Security fixes in libzypp: - CVE-2018-7685: PackageProvider: Validate RPMs before caching bsc1091624, bsc1088705 - CVE-2017-9269: Be sure bad packages do not stay in the cache bsc1045735 Changes in libzypp: - Update to version...
SUSE-SU-2018:2688-1 Security update for libzypp, zypper
This update for libzypp, zypper fixes the following issues: libzypp security fixes: - PackageProvider: Validate delta rpms before caching bsc1091624, bsc1088705, CVE-2018-7685 - PackageProvider: Validate downloaded rpm package signatures before caching bsc1091624, bsc1088705, CVE-2018-7685 - Be...
Cisco Spark Board Local Security Bypass Vulnerability
Cisco Spark Board is a dedicated tablet device for video conferencing from Cisco. A local security bypass vulnerability exists in the upgrade process in Cisco Spark Board, which arises from the program failing to adequately validate the upgrade package. A local attacker could exploit the...
Cisco Spark Board Upgrade Signature Verification Bypass Vulnerability
A vulnerability in the upgrade process of Cisco Spark Board could allow an authenticated, local attacker to install an unverified upgrade package. The vulnerability is due to insufficient upgrade package validation. An attacker could exploit this vulnerability by providing the upgrade process wit...
CVE-2014-0489
APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package...
USN-2348-1: APT vulnerabilities
It was discovered that APT did not re-verify downloaded files when the If-Modified-Since wasn't met. CVE-2014-0487 It was discovered that APT did not invalidate repository data when it switched from an unauthenticated to an authenticated state. CVE-2014-0488 It was discovered that the APT...
CVE-2014-0478
APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature...
DEBIAN-CVE-2014-0478
APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature...
CVE-2011-1829
APT before 0.8.15.2 does not properly validate inline GPG signatures, which allows man-in-the-middle attackers to install modified packages via vectors involving lack of an initial clearsigned message...