rpm package
opensuse/signing-party&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/signing-party&distro=openSUSE%20Tumbleweed
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-11627 | Cri | 9.8 | < 2.11-1.3 | 2.11-1.3 | Apr 30, 2019 | gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell injection via a User ID. | |
| CVE-2018-15599 | Med | 5.3 | < 2.11-1.3 | 2.11-1.3 | Aug 21, 2018 | The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase. |
- affected < 2.11-1.3fixed 2.11-1.3
gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell injection via a User ID.
- affected < 2.11-1.3fixed 2.11-1.3
The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase.