EUVD-2017-16459

Malware in sbrugna...

EUVD-2022-4782

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2017-7435

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In libzypp before 20170803 it was possible to add unsigned YUM repositories without warning to the user that could lead to man in the middle or malicious server...

SUSE CVE-2017-7435

In libzypp before 20170803 it was possible to add unsigned YUM repositories without warning to the user that could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system...

SUSE: Security Advisory (SUSE-SU-2017:2040-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

The vulnerabilities of the functions Version.fetch_binary() and Version.fetch_source() in the python-apt package installation module allow a attacker to compromise data integrity.

The vulnerability of the Version.fetchbinary and Version.fetchsource functions in the python-apt package installation module is related to an error in downloading files from repositories that do not have a signature. Exploiting this vulnerability could allow a remote attacker to compromise data...

CVE-2019-15796

Python-apt doesn't check if hashes are signed in Version.fetchbinary and Version.fetchsource of apt/package.py or in fetcharchives of apt/cache.py in version 1.9.3ubuntu2 and earlier. This allows downloads from unsigned repositories which shouldn't be allowed and has been fixed in verisions 1.9.5...

DEBIAN-CVE-2019-15796

Python-apt doesn't check if hashes are signed in Version.fetchbinary and Version.fetchsource of apt/package.py or in fetcharchives of apt/cache.py in version 1.9.3ubuntu2 and earlier. This allows downloads from unsigned repositories which shouldn't be allowed and has been fixed in verisions 1.9.5...

Design/Logic Flaw

Python-apt doesn't check if hashes are signed in Version.fetchbinary and Version.fetchsource of apt/package.py or in fetcharchives of apt/cache.py in version 1.9.3ubuntu2 and earlier. This allows downloads from unsigned repositories which shouldn't be allowed and has been fixed in verisions 1.9.5...

CVE-2019-15796

CVE-2019-15796 affects the Python-apt package where Version.fetch_binary(), Version.fetch_source(), and _fetch_archives() did not verify signed hashes in versions up to 1.9.3ubuntu2, enabling downloads from unsigned repositories. The issue has been fixed in versions 1.9.5, 1.9.0ubuntu1.2, 1.6.5ub...

Debian: Security Advisory (DSA-4609-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DSA 4609-1] python-apt security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4609-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 23, 2020 https://www.debian.org/security/faq -...

CVE-2019-15796

Python-apt doesn't check if hashes are signed in Version.fetchbinary and Version.fetchsource of apt/package.py or in fetcharchives of apt/cache.py in version 1.9.3ubuntu2 and earlier. This allows downloads from unsigned repositories which shouldn't be allowed and has been fixed in verisions 1.9.5...

UBUNTU-CVE-2019-15796

Python-apt doesn't check if hashes are signed in Version.fetchbinary and Version.fetchsource of apt/package.py or in fetcharchives of apt/cache.py in version 1.9.3ubuntu2 and earlier. This allows downloads from unsigned repositories which shouldn't be allowed and has been fixed in verisions 1.9.5...

CVE-2017-7435

In libzypp before 20170803 it was possible to add unsigned YUM repositories without warning to the user that could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system...

Design/Logic Flaw

In libzypp before 20170803 it was possible to add unsigned YUM repositories without warning to the user that could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system...

CVE-2017-7435

In libzypp before 20170803 it was possible to add unsigned YUM repositories without warning to the user that could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system...

DEBIAN-CVE-2017-7435

In libzypp before 20170803 it was possible to add unsigned YUM repositories without warning to the user that could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system...

UBUNTU-CVE-2017-9269

In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to silently downgrade to unsigned repositories with potential malicious content...

UBUNTU-CVE-2017-7435

In libzypp before 20170803 it was possible to add unsigned YUM repositories without warning to the user that could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system...