24 matches found

Packet Storm News
added 2025/12/05 12:0 a.m. | 1 view

MalwareBytes Missing Signing / Privilege Escalation

This is older research from 2016 when Google found that MalwareBytes failed to sign packages and download them over a secure channel as well as various other security issues...

AI score: 6.9
Exploits: 0

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-2737

Malware in sbrugna...

CVSS: 9.8 | AI score: 8.8 | EPSS: 0.00442
Exploits: 0 | References: 2

Tenable Nessus
added 2025/09/02 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2014-0022

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The installUpdates function in yum-cron/yum-cron.py in yum 3.4.3 and earlier does not properly check the return value of the sigCheckPkg function, which allows...

CVSS: 5 | AI score: 5.6 | EPSS: 0.00587
Exploits: 0 | References: 2

Tenable Nessus
added 2025/07/04 12:0 a.m. | 5 views

Oracle Linux 10 : kernel (ELSA-2025-8669)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-8669 advisory. 6.12.0-55.19.1.0.10.OL10 - nvme-pci: remove two deallocate zeroes quirks Orabug: 37756650 - Add new Oracle Linux Driver Signing key 1 certificate...

CVSS: 7.8 | AI score: 7.1 | EPSS: 0.00075
Exploits: 0 | References: 6

RedhatCVE
added 2025/05/23 6:34 a.m. | 4 views

CVE-2024-55539

Weak algorithm used to sign RPM package. The following products are affected: Acronis Cyber Protect Cloud Agent Linux before build 39185, Acronis Cyber Protect 16 Linux before build 39938...

CVSS: 2.5 | AI score: 3.8 | EPSS: 0.0003
Exploits: 0 | References: 1

NVD
added 2024/12/23 2:15 p.m. | 8 views

CVE-2024-55539

Weak algorithm used to sign RPM package. The following products are affected: Acronis Cyber Protect Cloud Agent Linux before build 39185, Acronis Cyber Protect 16 Linux before build 39938...

CVSS: 2.5 | EPSS: 0.0003
Exploits: 0 | References: 1

CNNVD
added 2024/12/23 12:0 a.m. | 2 views

Acronis Cyber Protect Cloud Agent Encryption Issue Vulnerability

Acronis Cyber Protect Cloud Agent is a cloud agent from Acronis Switzerland. An encryption issue vulnerability exists in versions prior to Acronis Cyber Protect Cloud Agent build 39185 that stems from a weak algorithm used to sign RPM packages...

CVSS: 2.5 | AI score: 4.2 | EPSS: 0.0003
Exploits: 0 | References: 2

SUSE CVE
added 2023/02/15 5:43 a.m. | 1 view

SUSE CVE-2012-6088

The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 does not return an error code in certain situations involving an "unparseable signature," which allows remote attackers to bypass RPM signature checks via a crafted package...

CVSS: 4.3 | AI score: 6.2 | EPSS: 0.00528
Exploits: 0 | References: 3

OSV
added 2021/03/26 5:15 p.m. | 1 view

UBUNTU-CVE-2021-20271

A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from th...

CVSS: 7 | AI score: 7.1 | EPSS: 0.00228
Exploits: 0 | References: 4

OSV
added 2020/07/03 3:15 p.m. | 13 views

CVE-2020-10282

The Micro Air Vehicle Link MAVLink protocol presents no authentication mechanism on its version 1.0 nor authorization which leads to a variety of attacks including identity spoofing, unauthorized access, PITM attacks and more. According to literature, version 2.0 optionally allows for package...

CVSS: 9.8 | AI score: 7.1
Exploits: 0 | References: 1

NVD
added 2020/07/03 3:15 p.m. | 10 views

CVE-2020-10282

The Micro Air Vehicle Link MAVLink protocol presents no authentication mechanism on its version 1.0 nor authorization which leads to a variety of attacks including identity spoofing, unauthorized access, PITM attacks and more. According to literature, version 2.0 optionally allows for package...

CVSS: 9.8 | EPSS: 0.00442
Exploits: 0 | References: 1

Prion
added 2020/07/03 3:15 p.m. | 14 views

Authorization

The Micro Air Vehicle Link MAVLink protocol presents no authentication mechanism on its version 1.0 nor authorization which leads to a variety of attacks including identity spoofing, unauthorized access, PITM attacks and more. According to literature, version 2.0 optionally allows for package...

CVSS: 7.5 | AI score: 9.5 | EPSS: 0.00442
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2020/07/03 2:30 p.m. | 46 views

CVE-2020-10282

The CVE-2020-10282 entry concerns MAVLink, where version 1.0 has no authentication or authorization, enabling identity spoofing, unauthorized access, and man-in-the-middle-style attacks on MAVLink-based UAV communications. Some sources note MAVLink 2.0 adds a basic authentication mechanism (e.g.,...

CVSS: 9.8 | AI score: 9 | EPSS: 0.00442
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2020/07/03 2:30 p.m. | 16 views

CVE-2020-10282 RVD#3316: No authentication in MAVLink protocol

The Micro Air Vehicle Link MAVLink protocol presents no authentication mechanism on its version 1.0 nor authorization which leads to a variety of attacks including identity spoofing, unauthorized access, PITM attacks and more. According to literature, version 2.0 optionally allows for package...

CVSS: 9.8 | AI score: 9.1 | EPSS: 0.00442
Exploits: 0 | References: 1

CVE
added 2019/06/18 6:9 p.m. | 78 views

CVE-2019-12875

CVE-2019-12875 concerns Alpine Linux abuild up to version 3.4.0. The vulnerability arises because an unprivileged member of the abuild group can misuse a --keys-dir option to cause acceptance of an untrusted signing key, enabling the introduction of an untrusted package. The Red Hat advisory corr...

CVSS: 6.5 | AI score: 6.3 | EPSS: 0.00149
Exploits: 0 | References: 3 | Affected Software: 1

Tenable Nessus
added 2014/03/28 12:0 a.m. | 29 views

Amazon Linux AMI : yum (ALAS-2014-315)

The installUpdates function in yum-cron/yum-cron.py in yum 3.4.3 and earlier does not properly check the return value of the sigCheckPkg function, which allows remote attackers to bypass the RPM package signing restriction via an unsigned package. (C) Tenable Network Security, Inc. The descriptive...

CVSS: 5 | AI score: 5.5 | EPSS: 0.00587
Exploits: 0 | References: 2

Amazon
added 2014/03/24 12:0 a.m. | 37 views

Medium: yum

Issue Overview: The installUpdates function in yum-cron/yum-cron.py in yum 3.4.3 and earlier does not properly check the return value of the sigCheckPkg function, which allows remote attackers to bypass the RPM package signing restriction via an unsigned package. Affected Packages: yum Issue...

CVSS: 5 | AI score: 6.8 | EPSS: 0.00587
Exploits: 0

NVD
added 2014/01/26 4:58 p.m. | 11 views

CVE-2014-0022

The installUpdates function in yum-cron/yum-cron.py in yum 3.4.3 and earlier does not properly check the return value of the sigCheckPkg function, which allows remote attackers to bypass the RPM package signing restriction via an unsigned package...

CVSS: 5 | AI score: 6.4 | EPSS: 0.00587
Exploits: 0 | References: 5

UbuntuCve
added 2014/01/26 4:58 p.m. | 16 views

CVE-2014-0022

The installUpdates function in yum-cron/yum-cron.py in yum 3.4.3 and earlier does not properly check the return value of the sigCheckPkg function, which allows remote attackers to bypass the RPM package signing restriction via an unsigned package...

CVSS: 5 | AI score: 5.9 | EPSS: 0.00587
Exploits: 0 | References: 5

Prion
added 2014/01/26 4:58 p.m. | 14 views

Authentication flaw

The installUpdates function in yum-cron/yum-cron.py in yum 3.4.3 and earlier does not properly check the return value of the sigCheckPkg function, which allows remote attackers to bypass the RPM package signing restriction via an unsigned package...

CVSS: 5 | AI score: 7 | EPSS: 0.00587
Exploits: 0 | References: 5 | Affected Software: 1