55 matches found
SUSE CVE-2020-14365
A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disablegpgcheck is set to False, which is the default behavior. This flaw...
CVE-2022-26579
PAX A930 device with PayDroid7.1.1VirgoV04.3.26T120210419 can allow a root privileged attacker to install unsigned packages. The attacker must have shell access to the device and gain root privileges in order to exploit this vulnerability...
CVE-2022-26579
PAX A930 device with PayDroid7.1.1VirgoV04.3.26T120210419 can allow a root privileged attacker to install unsigned packages. The attacker must have shell access to the device and gain root privileges in order to exploit this vulnerability...
CVE-2022-26579
PAX A930 device with PayDroid7.1.1VirgoV04.3.26T120210419 can allow a root privileged attacker to install unsigned packages. The attacker must have shell access to the device and gain root privileges in order to exploit this vulnerability...
CVE-2022-26579
PAX A930 device with PayDroid7.1.1VirgoV04.3.26T120210419 can allow a root privileged attacker to install unsigned packages. The attacker must have shell access to the device and gain root privileges in order to exploit this vulnerability...
SUSE: Security Advisory (SUSE-SU-2017:2344-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2019-14713
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow installation of unsigned packages...
CVE-2019-14713
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow installation of unsigned packages...
Code injection
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow installation of unsigned packages...
CVE-2019-14713
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow installation of unsigned packages...
CVE-2019-14713
The CVE-2019-14713 entry concerns Verifone MX900 series Pinpad Payment Terminals running OS 30251000, where the system allows installation of unsigned packages. Connected sources corroborate the same description and note an integrity impact (HIGH) with local access required and no user interactio...
ALPINE-CVE-2020-14365
A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disablegpgcheck is set to False, which is the default behavior. This flaw...
DEBIAN-CVE-2020-14365
A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disablegpgcheck is set to False, which is the default behavior. This flaw...
ansible: dnf module install packages with no GPG signature
A flaw was found in the Ansible Engine when installing packages using the dnf module. GPG signatures are ignored during installation even when disablegpgcheck is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code...
DEBIAN-CVE-2011-2515
PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code...
libzypp RPM Package Injection Vulnerability
libzypp also known as ZYPP is the U.S. Novell-sponsored open source set of manageable engines, drivers eg: Linux applications YaST, Zypper tools. A security vulnerability exists in versions of libzypp prior to 20170803. An attacker can exploit this vulnerability by retrieving unsigned packages to...
Design/Logic Flaw
In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system...
CVE-2017-7436
In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system...
DEBIAN-CVE-2017-7436
In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system...
UBUNTU-CVE-2017-7436
In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system...