3037 matches found

OSV
added 2018/03/01 8:29 p.m. | 0 views

DEBIAN-CVE-2017-9269

In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to silently downgrade to unsigned repositories with potential malicious content...

CVSS 9.8 | AI score 6.9 | EPSS 0.0229
Exploits: 0 | References: 1

OSV
added 2018/03/01 8:29 p.m. | 23 views

CVE-2017-7436

In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a user's system...

CVSS 8.1 | AI score 8.2 | EPSS 0.01843
Exploits: 0 | References: 3

OSV
added 2018/03/01 8:29 p.m. | 0 views

UBUNTU-CVE-2017-7436

In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a user's system...

CVSS 8.1 | AI score 7.2 | EPSS 0.01843
Exploits: 0 | References: 2

OSV
added 2018/03/01 8:29 p.m. | 2 views

UBUNTU-CVE-2017-9269

In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to silently downgrade to unsigned repositories with potential malicious content...

CVSS 9.8 | AI score 7.2 | EPSS 0.0229
Exploits: 0 | References: 2

NVD
added 2018/03/01 8:29 p.m. | 24 views

CVE-2017-7436

In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a user's system...

CVSS 9.3 | AI score 7.9 | EPSS 0.01843
Exploits: 0 | References: 3

OSV
added 2018/03/01 8:29 p.m. | 1 views

DEBIAN-CVE-2017-7436

In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a user's system...

CVSS 8.1 | AI score 6.8 | EPSS 0.01843
Exploits: 0 | References: 1

CVE
added 2018/03/01 7:0 p.m. | 82 views

CVE-2017-7436

CVE-2017-7436 concerns a flaw in libzypp prior to 20170803 where unsigned packages could be retrieved without a user warning, enabling potential MITM or malicious servers to inject RPMs. The impact described in the accompanying advisories is high (CVE-2017-7436) with risk to package integrity and...

CVSS 9.3 | AI score 8.7 | EPSS 0.01843
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2018/03/01 7:0 p.m. | 21 views

CVE-2017-7436 libzypp accepts unsigned packages even when configured to check signatures

In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a user's system...

CVSS 8.1 | AI score 8.7 | EPSS 0.01843
Exploits: 0 | References: 3

Cvelist
added 2018/03/01 7:0 p.m. | 22 views

CVE-2017-7435 libzypp accepts unsigned 3rd party repo without warning

In libzypp before 20170803 it was possible to add unsigned YUM repositories without warning to the user that could lead to man in the middle or malicious servers to inject malicious RPM packages into a user's system...

CVSS 8.1 | AI score 8.6 | EPSS 0.01843
Exploits: 0 | References: 3

Debian CVE
added 2018/03/01 7:0 p.m. | 28 views

CVE-2017-7436

In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a user's system...

CVSS 9.3 | AI score 8.8 | EPSS 0.01843
Exploits: 0

ThreatPost
added 2018/02/20 8:46 a.m. | 12 views

Year-Old Coldroot RAT Targets MacOS, Still Evades Detection

Researchers are warning users about the Coldroot remote access Trojan that is going undetected by AV engines and targets MacOS computers. The RAT is cross-platform and capable of planting a keylogger on MacOS systems prior to the OS High Sierra and is designed to steal banking credentials. Coldro...

AI score 0.9
Exploits: 0 | References: 4

NVD
added 2018/02/12 7:29 p.m. | 19 views

CVE-2017-13228

In function ih264d_ref_idx_reordering of libavc, there is an out-of-bounds write due to modCount being defined as an unsigned character. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:...

CVSS 9.3 | AI score 7.9 | EPSS 0.01519
Exploits: 0 | References: 2

OSV
added 2018/02/02 3:29 p.m. | 2 views

UBUNTU-CVE-2017-18122

A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid...

CVSS 8.1 | AI score 7.3 | EPSS 0.01119
Exploits: 0 | References: 4

Prion
added 2018/02/02 3:29 p.m. | 16 views

Input validation

A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid...

CVSS 6.8 | AI score 7.8 | EPSS 0.01119
Exploits: 0 | References: 3 | Affected Software: 2

UbuntuCve
added 2018/02/02 3:29 p.m. | 20 views

CVE-2017-18122

A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid...

CVSS 8.1 | AI score 7.1 | EPSS 0.01119
Exploits: 0 | References: 3

OSV
added 2018/02/02 3:29 p.m. | 1 views

DEBIAN-CVE-2017-18122

A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid...

CVSS 8.1 | AI score 9.5 | EPSS 0.01119
Exploits: 0 | References: 1

Debian CVE
added 2018/02/02 3:0 p.m. | 19 views

CVE-2017-18122

A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid...

CVSS 8.1 | AI score 8 | EPSS 0.01119
Exploits: 0

NVD
added 2018/01/26 8:29 a.m. | 23 views

CVE-2018-6323

The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial of service application...

CVSS 7.8 | AI score 8 | EPSS 0.05944
Exploits: 5 | References: 5

OSV
added 2018/01/26 8:29 a.m. | 27 views

CVE-2018-6323

The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial of service application...

CVSS 7.8 | AI score 8
Exploits: 0 | References: 5

OSV
added 2018/01/26 8:29 a.m. | 1 views

DEBIAN-CVE-2018-6323

The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial of service application...

CVSS 7.8 | AI score 9.7 | EPSS 0.05944
Exploits: 5 | References: 1