Lucene search
K

18 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2016-2351

Malware in sbrugna...

5.9CVSS5AI score0.07308EPSS
Exploits2References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.11 views

EUVD-2013-3637

Malware in sbrugna...

4.3CVSS6.3AI score0.01533EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2019/01/02 12:0 a.m.38 views

SUSE SLED15 / SLES15 Security Update : libzypp, zypper (SUSE-SU-2018:2690-1)

This update for libzypp, zypper, libsolv provides the following fixes : Security fixes in libzypp : CVE-2018-7685: PackageProvider: Validate RPMs before caching bsc1091624, bsc1088705 CVE-2017-9269: Be sure bad packages do not stay in the cache bsc1045735 Changes in libzypp: Update to version...

9.8CVSS7.8AI score0.0229EPSS
Exploits0References33
OPENSUSE Linux
OPENSUSE Linux
added 2018/09/17 12:7 p.m.44 views

Security update for libzypp, zypper (important)

This update for libzypp, zypper, libsolv provides the following fixes: Security fixes in libzypp: - CVE-2018-7685: PackageProvider: Validate RPMs before caching bsc1091624, bsc1088705 - CVE-2017-9269: Be sure bad packages do not stay in the cache bsc1045735 Changes in libzypp: - Update to version...

7.5CVSS7.5AI score0.0229EPSS
Exploits0References28
Tenable Nessus
Tenable Nessus
added 2018/09/17 12:0 a.m.39 views

openSUSE Security Update : libzypp / zypper (openSUSE-2018-1017)

This update for libzypp, zypper, libsolv provides the following fixes : Security fixes in libzypp : - CVE-2018-7685: PackageProvider: Validate RPMs before caching bsc1091624, bsc1088705 - CVE-2017-9269: Be sure bad packages do not stay in the cache bsc1045735 Changes in libzypp : - Update to...

9.8CVSS7.7AI score0.0229EPSS
Exploits0References30
NVD
NVD
added 2017/12/05 4:29 p.m.24 views

CVE-2016-1252

The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection...

5.9CVSS5.6AI score0.07308EPSS
Exploits2References6
Prion
Prion
added 2017/12/05 4:29 p.m.20 views

Design/Logic Flaw

The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection...

4.3CVSS6.8AI score0.07308EPSS
Exploits2References6Affected Software2
OSV
OSV
added 2017/12/05 4:29 p.m.8 views

CVE-2016-1252

The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection...

5.9CVSS5.5AI score
Exploits0References6
OSV
OSV
added 2017/12/05 4:29 p.m.1 views

DEBIAN-CVE-2016-1252

The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection...

5.9CVSS5AI score0.07308EPSS
Exploits2References1
Cvelist
Cvelist
added 2017/12/05 4:0 p.m.33 views

CVE-2016-1252

The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection...

5.9AI score0.07308EPSS
Exploits2References6
Debian CVE
Debian CVE
added 2017/12/05 4:0 p.m.40 views

CVE-2016-1252

The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection...

5.9CVSS5.3AI score0.07308EPSS
Exploits2
CVE
CVE
added 2017/12/05 4:0 p.m.148 views

CVE-2016-1252

CVE-2016-1252 affects the apt package in Debian (Jessie before 1.0.9.8.4) and in Ubuntu (14.04 LTS before 1.0.1ubuntu2.17, 16.04 LTS before 1.2.15ubuntu0.2, 16.10 before 1.3.2ubuntu0.1; Debian unstable before 1.4~beta2). It permits MITM attackers to bypass repository-signing protection by exploit...

5.9CVSS5.7AI score0.07308EPSS
Exploits2References6Affected Software1
Exploit DB
Exploit DB
added 2016/12/14 12:0 a.m.77 views

APT - Repository Signing Bypass via Memory Allocation Failure

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1020 == Vulnerability == When apt-get updates a repository that uses an InRelease file clearsigned Release files, this file is processed as follows: First, the InRelease file is downloaded to disk. In a subprocess running the gpgv...

7.4AI score
Exploits0
Positive Technologies
Positive Technologies
added 2016/12/13 12:0 a.m.6 views

PT-2016-4672

Name of the Vulnerable Software and Affected Versions Debian versions prior to 1.0.9.8.4 Debian unstable versions prior to 1.4beta2 Ubuntu 14.04 LTS versions prior to 1.0.1ubuntu2.17 Ubuntu 16.04 LTS versions prior to 1.2.15ubuntu0.2 Ubuntu 16.10 versions prior to 1.3.2ubuntu0.1 Description The...

5.9CVSS6.1AI score0.07308EPSS
Exploits2References17
UbuntuCve
UbuntuCve
added 2016/12/13 12:0 a.m.30 views

CVE-2016-1252

The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection...

5.9CVSS6.1AI score0.07308EPSS
Exploits2References2
OSV
OSV
added 2016/12/13 12:0 a.m.3 views

UBUNTU-CVE-2016-1252

The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection...

5.9CVSS6.1AI score0.07308EPSS
Exploits2References3
Prion
Prion
added 2013/10/28 10:55 p.m.12 views

Hardcoded credentials

The RPM GPG key import and handling feature in libzypp 12.15.0 and earlier reports a different key fingerprint than the one used to sign a repository when multiple key blobs are used, which might allow remote attackers to trick users into believing that the repository was signed by a...

4.3CVSS7.1AI score0.01533EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2007/09/06 7:17 p.m.3 views

DEBIAN-CVE-2007-4739

reprepro 1.3.0 through 2.2.3 does not properly verify signatures when updating repositories, which allows remote attackers to construct and distribute an ostensibly valid Release.gpg file by signing it with an unknown key, related to the update command...

5CVSS7AI score0.01516EPSS
Exploits0References1
Rows per page
Query Builder