Lucene search
K

68 matches found

Prion
Prion
added 2020/12/02 1:15 a.m.17 views

Design/Logic Flaw

software-properties was vulnerable to a person-in-the-middle attack due to incorrect TLS certificate validation in softwareproperties/ppa.py. software-properties didn't check TLS certificates under python2 and only checked certificates under python3 if a valid certificate bundle was provided. Fix...

5.8CVSS7AI score0.00607EPSS
Exploits1References2Affected Software1
UbuntuCve
UbuntuCve
added 2020/12/02 1:15 a.m.29 views

CVE-2012-0955

software-properties was vulnerable to a person-in-the-middle attack due to incorrect TLS certificate validation in softwareproperties/ppa.py. software-properties didn't check TLS certificates under python2 and only checked certificates under python3 if a valid certificate bundle was provided. Fix...

7.4CVSS7.1AI score0.00607EPSS
Exploits1References1
Cvelist
Cvelist
added 2020/12/02 12:50 a.m.32 views

CVE-2012-0955 software-properties incorrectly validated TLS certificates

software-properties was vulnerable to a person-in-the-middle attack due to incorrect TLS certificate validation in softwareproperties/ppa.py. software-properties didn't check TLS certificates under python2 and only checked certificates under python3 if a valid certificate bundle was provided. Fix...

6.8CVSS7.4AI score0.00607EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2020/12/02 12:50 a.m.30 views

CVE-2012-0955

software-properties was vulnerable to a person-in-the-middle attack due to incorrect TLS certificate validation in softwareproperties/ppa.py. software-properties didn't check TLS certificates under python2 and only checked certificates under python3 if a valid certificate bundle was provided. Fix...

7.4CVSS7.4AI score0.00607EPSS
Exploits1
CVE
CVE
added 2020/12/02 12:50 a.m.77 views

CVE-2012-0955

CVE-2012-0955 affects the Ubuntu software-properties component, where TLS certificate validation was incorrect in softwareproperties/ppa.py. It did not consistently validate TLS certificates under Python 2 and only validated under Python 3 if a valid bundle was provided. This led to potential MIT...

7.4CVSS6.9AI score0.00607EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2020/12/01 12:0 a.m.9 views

Launchpad Software-properties Trust Management Issue Vulnerability

Launchpad Software-properties is a software from the Launchpad organization for managing installed software images on Linux systems. A security vulnerability exists in software-properties versions prior to 0.92, which stems from incorrect TLS certificate validation in softwareproperties ppa.py,...

7.4CVSS7.1AI score0.00607EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2020/08/24 12:0 a.m.31 views

Debian DLA-2339-1 : software-properties security update

Jason A. Donenfeld found an ansi escape sequence injection into software-properties, a manager for apt repository sources. An attacker could manipulate the screen of a user prompted to install an additional repository PPA. For Debian 9 stretch, this problem has been fixed in version...

5.5CVSS5.6AI score0.00313EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2020/08/23 12:0 a.m.20 views

Debian: Security Advisory (DLA-2339-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5CVSS5.6AI score0.00313EPSS
Exploits0References4
Debian
Debian
added 2020/08/22 5:12 p.m.46 views

[SECURITY] [DLA 2339-1] software-properties security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2339-1 [email protected] https://www.debian.org/lts/security/ August 22, 2020 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package...

5.5CVSS5.4AI score0.00313EPSS
Exploits0
OSV
OSV
added 2020/08/22 12:0 a.m.13 views

DLA-2339-1 software-properties - security update

Bulletin has no description...

5.5CVSS5.3AI score0.00313EPSS
Exploits0
OSV
OSV
added 2020/08/17 2:30 p.m.1 views

USN-4457-2 software-properties vulnerability

USN-4457-1 fixed a vulnerability in Software. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Jason A. Donenfeld discovered that Software Properties incorrectly filtered certain escape sequences when displaying PPA descriptions. If a user were tricke...

5.5CVSS6.2AI score0.00313EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2020/08/17 2:30 p.m.52 views

USN-4457-2: Software Properties vulnerability

USN-4457-1 fixed a vulnerability in Software. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Jason A. Donenfeld discovered that Software Properties incorrectly filtered certain escape sequences when displaying PPA descriptions. If a user were tricke...

5.5CVSS5.9AI score0.00313EPSS
Exploits0
OpenVAS
OpenVAS
added 2020/08/13 12:0 a.m.12 views

Ubuntu: Security Advisory (USN-4457-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5CVSS5.6AI score0.00313EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/08/13 12:0 a.m.32 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Software Properties vulnerability (USN-4457-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4457-1 advisory. Jason A. Donenfeld discovered that Software Properties incorrectly filtered certain escape sequences when displaying PPA descriptions. If ...

5.5CVSS6AI score0.00313EPSS
Exploits0References2
OSV
OSV
added 2020/08/12 1:56 p.m.3 views

USN-4457-1 software-properties vulnerability

Jason A. Donenfeld discovered that Software Properties incorrectly filtered certain escape sequences when displaying PPA descriptions. If a user were tricked into adding an arbitrary PPA, a remote attacker could possibly manipulate the screen...

5.5CVSS6.2AI score0.00313EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2020/08/12 1:56 p.m.62 views

USN-4457-1: Software Properties vulnerability

Jason A. Donenfeld discovered that Software Properties incorrectly filtered certain escape sequences when displaying PPA descriptions. If a user were tricked into adding an arbitrary PPA, a remote attacker could possibly manipulate the screen...

5.5CVSS5.9AI score0.00313EPSS
Exploits0
NVD
NVD
added 2014/05/14 12:55 a.m.19 views

CVE-2011-4407

ppa.py in Software Properties before 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle MITM attackers to spoof GPG keys for a package repository...

4.3CVSS6.2AI score0.00632EPSS
Exploits0References2
OSV
OSV
added 2014/05/14 12:55 a.m.3 views

DEBIAN-CVE-2011-4407

ppa.py in Software Properties before 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle MITM attackers to spoof GPG keys for a package repository...

4.3CVSS6.8AI score0.00632EPSS
Exploits0References1
OSV
OSV
added 2014/05/14 12:55 a.m.7 views

CVE-2011-4407

ppa.py in Software Properties before 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle MITM attackers to spoof GPG keys for a package repository...

6.1AI score
Exploits0References2
Prion
Prion
added 2014/05/14 12:55 a.m.18 views

Code injection

ppa.py in Software Properties before 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle MITM attackers to spoof GPG keys for a package repository...

4.3CVSS6.7AI score0.00632EPSS
Exploits0References2Affected Software2
Rows per page
Query Builder