Lucene search
K

57 matches found

Positive Technologies
Positive Technologies
added 2020/01/08 12:0 a.m.5 views

PT-2020-11372 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions 8.0 Description: A time-of-check time-of-use vulnerability in the onCreate method of InstallStart.java could allow for a package validation bypass. This issue may lead to local escalation of privilege without requiring...

6.7CVSS6.5AI score0.0014EPSS
Exploits0References2
Cvelist
Cvelist
added 2019/11/29 6:57 p.m.27 views

CVE-2019-5226

P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193C00E190R2P1, versions earlier than VOGUE-AL00A 9.1.0.193C00E190R2P1, versions earlier than Hima-AL00B 9.1.0.135C00E133R2P1 and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade...

5.5AI score0.00235EPSS
Exploits0References1
CNVD
CNVD
added 2019/11/19 12:0 a.m.1 views

Xorux Lpar2RRD and Stor2RRD Operating System Command Injection Vulnerability

Bash is a shell command language interpreter written for the GNU Project and running on Unix-like operating systems by American software developer Brian J. Fox. It can read and execute commands from standard input devices or files. An operating system command injection vulnerability exists in Xor...

9CVSS8AI score0.02013EPSS
Exploits1References1
CNVD
CNVD
added 2019/09/06 12:0 a.m.3 views

Multiple Huawei Product Version Downgrade Vulnerabilities (CNVD-2019-30711)

Huawei P30 and others are products of Huawei, a Chinese company.Huawei P30 is a smartphone.Huawei P30 Pro is a smartphone.Huawei HiSuite is a cell phone assistant application for PCs.Huawei P30 Pro is a smartphone.Huawei P30 Pro is a smartphone.Huawei P30 Pro is a smartphone.Huawei P30 Pro is a...

5.5CVSS6.7AI score0.00235EPSS
Exploits0References1
CNVD
CNVD
added 2019/09/06 12:0 a.m.3 views

Multiple Huawei product version downgrade vulnerability

Huawei P30 and others are products of Huawei, a Chinese company.Huawei P30 is a smartphone.Huawei P30 Pro is a smartphone.Huawei HiSuite is a cell phone assistant application for PCs.Huawei P30 Pro is a smartphone.Huawei P30 Pro is a smartphone.Huawei P30 Pro is a smartphone.Huawei P30 Pro is a...

5.5CVSS6.7AI score0.00235EPSS
Exploits0References1
OSV
OSV
added 2018/10/18 12:48 p.m.7 views

SUSE-SU-2018:2716-2 Security update for libzypp, zypper

This update for libzypp, zypper provides the following fixes: Update libzypp to version 16.17.20 Security issues fixed: - PackageProvider: Validate delta rpms before caching bsc1091624, bsc1088705, CVE-2018-7685 - PackageProvider: Validate downloaded rpm package signatures before caching...

9.8CVSS8.8AI score0.0229EPSS
Exploits0References17
Tenable Nessus
Tenable Nessus
added 2018/09/25 12:0 a.m.39 views

SUSE SLED12 / SLES12 Security Update : libzypp, zypper (SUSE-SU-2018:2814-1)

This update for libzypp, zypper fixes the following issues : Update libzypp to version 16.17.20 : Security issues fixed : PackageProvider: Validate deta rpms before caching bsc1091624, bsc1088705, CVE-2018-7685 PackageProvider: Validate downloaded rpm package signatures before caching bsc1091624,...

9.8CVSS7.7AI score0.0229EPSS
Exploits0References18
Tenable Nessus
Tenable Nessus
added 2018/09/17 12:0 a.m.27 views

SUSE SLES12 Security Update : libzypp, zypper (SUSE-SU-2018:2716-1)

This update for libzypp, zypper provides the following fixes : Update libzypp to version 16.17.20 Security issues fixed : PackageProvider: Validate delta rpms before caching bsc1091624, bsc1088705, CVE-2018-7685 PackageProvider: Validate downloaded rpm package signatures before caching bsc1091624...

9.8CVSS7.7AI score0.0229EPSS
Exploits0References19
OSV
OSV
added 2018/09/11 1:50 p.m.5 views

SUSE-SU-2018:2690-1 Security update for libzypp, zypper

This update for libzypp, zypper, libsolv provides the following fixes: Security fixes in libzypp: - CVE-2018-7685: PackageProvider: Validate RPMs before caching bsc1091624, bsc1088705 - CVE-2017-9269: Be sure bad packages do not stay in the cache bsc1045735 Changes in libzypp: - Update to version...

9.8CVSS9AI score0.0229EPSS
Exploits0References31
OSV
OSV
added 2018/09/11 12:59 p.m.7 views

SUSE-SU-2018:2688-1 Security update for libzypp, zypper

This update for libzypp, zypper fixes the following issues: libzypp security fixes: - PackageProvider: Validate delta rpms before caching bsc1091624, bsc1088705, CVE-2018-7685 - PackageProvider: Validate downloaded rpm package signatures before caching bsc1091624, bsc1088705, CVE-2018-7685 - Be...

9.8CVSS9AI score0.0229EPSS
Exploits0References22
CNVD
CNVD
added 2017/11/21 12:0 a.m.3 views

Cisco Spark Board Local Security Bypass Vulnerability

Cisco Spark Board is a dedicated tablet device for video conferencing from Cisco. A local security bypass vulnerability exists in the upgrade process in Cisco Spark Board, which arises from the program failing to adequately validate the upgrade package. A local attacker could exploit the...

4.4CVSS6.5AI score0.00193EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/15 4:0 p.m.49 views

Cisco Spark Board Upgrade Signature Verification Bypass Vulnerability

A vulnerability in the upgrade process of Cisco Spark Board could allow an authenticated, local attacker to install an unverified upgrade package. The vulnerability is due to insufficient upgrade package validation. An attacker could exploit this vulnerability by providing the upgrade process wit...

4.4CVSS4.5AI score0.00193EPSS
Exploits0References1
NVD
NVD
added 2014/11/03 10:55 p.m.15 views

CVE-2014-0489

APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package...

7.5CVSS7.4AI score0.03614EPSS
Exploits0References4
Ubuntu
Ubuntu
added 2014/09/16 4:20 p.m.49 views

USN-2348-1: APT vulnerabilities

It was discovered that APT did not re-verify downloaded files when the If-Modified-Since wasn't met. CVE-2014-0487 It was discovered that APT did not invalidate repository data when it switched from an unauthenticated to an authenticated state. CVE-2014-0488 It was discovered that the APT...

7.5CVSS5.3AI score0.03614EPSS
Exploits0
OSV
OSV
added 2014/06/17 2:55 p.m.8 views

CVE-2014-0478

APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature...

6.2AI score
Exploits0References5
OSV
OSV
added 2014/06/17 2:55 p.m.3 views

DEBIAN-CVE-2014-0478

APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature...

4CVSS6.8AI score0.0157EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2011/07/13 12:0 a.m.19 views

CVE-2011-1829

APT before 0.8.15.2 does not properly validate inline GPG signatures, which allows man-in-the-middle attackers to install modified packages via vectors involving lack of an initial clearsigned message...

4.3CVSS5.9AI score0.01686EPSS
Exploits0References2
Rows per page
Query Builder