Lucene search
K

55 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 3:57 a.m.3 views

SUSE CVE-2020-14365

A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disablegpgcheck is set to False, which is the default behavior. This flaw...

6.3CVSS9.2AI score0.00233EPSS
Exploits0References6
NVD
NVD
added 2022/12/16 10:15 p.m.27 views

CVE-2022-26579

PAX A930 device with PayDroid7.1.1VirgoV04.3.26T120210419 can allow a root privileged attacker to install unsigned packages. The attacker must have shell access to the device and gain root privileges in order to exploit this vulnerability...

6CVSS0.00158EPSS
Exploits0References3
OSV
OSV
added 2022/12/16 10:15 p.m.6 views

CVE-2022-26579

PAX A930 device with PayDroid7.1.1VirgoV04.3.26T120210419 can allow a root privileged attacker to install unsigned packages. The attacker must have shell access to the device and gain root privileges in order to exploit this vulnerability...

6CVSS5.8AI score0.00158EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/12/16 10:15 p.m.3 views

CVE-2022-26579

PAX A930 device with PayDroid7.1.1VirgoV04.3.26T120210419 can allow a root privileged attacker to install unsigned packages. The attacker must have shell access to the device and gain root privileges in order to exploit this vulnerability...

6CVSS5.9AI score0.00158EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2022/12/16 12:0 a.m.15 views

CVE-2022-26579

PAX A930 device with PayDroid7.1.1VirgoV04.3.26T120210419 can allow a root privileged attacker to install unsigned packages. The attacker must have shell access to the device and gain root privileges in order to exploit this vulnerability...

7AI score0.00158EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.18 views

SUSE: Security Advisory (SUSE-SU-2017:2344-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS9AI score0.01843EPSS
Exploits0References10
NVD
NVD
added 2020/10/23 5:15 a.m.15 views

CVE-2019-14713

Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow installation of unsigned packages...

5.5CVSS0.00297EPSS
Exploits0References1
OSV
OSV
added 2020/10/23 5:15 a.m.4 views

CVE-2019-14713

Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow installation of unsigned packages...

5.5CVSS6.1AI score0.00297EPSS
Exploits0References1
Prion
Prion
added 2020/10/23 5:15 a.m.19 views

Code injection

Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow installation of unsigned packages...

2.1CVSS5.5AI score0.00297EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/10/23 4:33 a.m.24 views

CVE-2019-14713

Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow installation of unsigned packages...

5.5AI score0.00297EPSS
Exploits0References1
CVE
CVE
added 2020/10/23 4:33 a.m.59 views

CVE-2019-14713

The CVE-2019-14713 entry concerns Verifone MX900 series Pinpad Payment Terminals running OS 30251000, where the system allows installation of unsigned packages. Connected sources corroborate the same description and note an integrity impact (HIGH) with local access required and no user interactio...

5.5CVSS5.5AI score0.00297EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2020/09/23 1:15 p.m.3 views

ALPINE-CVE-2020-14365

A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disablegpgcheck is set to False, which is the default behavior. This flaw...

7.1CVSS7.2AI score0.00233EPSS
Exploits0References1
OSV
OSV
added 2020/09/23 1:15 p.m.1 views

DEBIAN-CVE-2020-14365

A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disablegpgcheck is set to False, which is the default behavior. This flaw...

7.1CVSS8AI score0.00233EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2020/09/01 7:33 p.m.3 views

ansible: dnf module install packages with no GPG signature

A flaw was found in the Ansible Engine when installing packages using the dnf module. GPG signatures are ignored during installation even when disablegpgcheck is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code...

7.1CVSS7.3AI score0.00233EPSS
Exploits0References4
OSV
OSV
added 2019/11/27 9:15 p.m.1 views

DEBIAN-CVE-2011-2515

PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code...

5.3CVSS6.3AI score0.00393EPSS
Exploits0References1
CNVD
CNVD
added 2018/03/02 12:0 a.m.4 views

libzypp RPM Package Injection Vulnerability

libzypp also known as ZYPP is the U.S. Novell-sponsored open source set of manageable engines, drivers eg: Linux applications YaST, Zypper tools. A security vulnerability exists in versions of libzypp prior to 20170803. An attacker can exploit this vulnerability by retrieving unsigned packages to...

9.3CVSS6.8AI score0.01843EPSS
Exploits0References1
Prion
Prion
added 2018/03/01 8:29 p.m.15 views

Design/Logic Flaw

In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system...

9.3CVSS7.8AI score0.01843EPSS
Exploits0References3Affected Software1
UbuntuCve
UbuntuCve
added 2018/03/01 8:29 p.m.23 views

CVE-2017-7436

In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system...

9.3CVSS7.2AI score0.01843EPSS
Exploits0References1
OSV
OSV
added 2018/03/01 8:29 p.m.1 views

DEBIAN-CVE-2017-7436

In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system...

8.1CVSS6.8AI score0.01843EPSS
Exploits0References1
OSV
OSV
added 2018/03/01 8:29 p.m.2 views

UBUNTU-CVE-2017-7436

In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system...

8.1CVSS7.2AI score0.01843EPSS
Exploits0References2
Rows per page
Query Builder