Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2007-4739

EPSS 0.61% · P70
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2007-4739

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
reprepro 1.3.0 through 2.2.3 does not properly verify signatures when updating repositories, which allows remote attackers to construct and distribute an ostensibly valid Release.gpg file by signing it with an unknown key, related to the update command.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
reprepro更新代码库签名验证绕过安全限制漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
reprepro是用于处理debian软件包的本地代码库的工具。 reprepro在处理密钥交换时存在漏洞,远程攻击者可能利用此漏洞绕过验证。 在使用update命令升级代码库时reprepro只使用请求密钥验证签名,而请求密钥的签名根本不存在时也不会报告,因此会接收任何使用未知密钥签名的内容,这就导致不安全内容绕过了安全检查。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2007-4739

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2007-4739

登录查看更多情报信息。

Same Patch Batch · n/a · 2007-09-06 · 21 CVEs total

CVE-2007-4732Sun Solaris 输入验证漏洞
CVE-2007-4742Claroline 输入验证漏洞
CVE-2007-4741Claroline 跨站脚本攻击漏洞
CVE-2007-4740Telecom Italy Alice Messenger 权限许可和访问控制漏洞
CVE-2007-4738SpeedTech STPHPLib STPHPLIB_DIR Parameter 多个远程文件包含漏洞
CVE-2007-4737SpeedTech STPHPLibrary 代码注入漏洞
CVE-2007-4736CartKeeper CKGold Shopping Cart SQL注入漏洞
CVE-2007-4735Virtual DJ M3U文件本地栈溢出漏洞
CVE-2007-4734OtsTurntables M3U文件本地栈溢出漏洞
CVE-2007-4733Aztech DSL 权限许可和访问控制漏洞
CVE-2007-3913Gforge 未明SQL注入漏洞
CVE-2004-2685@Youngzsoft Youngzsoft CCProxy 缓冲区溢出漏洞
CVE-2007-3752Apple iTunes畸形音乐文件处理堆溢出漏洞
CVE-2007-4748PPStream PowerPlayer.DLL ActiveX控件缓冲区溢出漏洞
CVE-2007-4747Cisco Video Surveillance IP Gateway telnet服务远程认证漏洞
CVE-2007-4746Cisco Video Surveillance IP Gateway 权限提升认证漏洞
CVE-2007-4745Mambo Site Server 跨站脚本攻击漏洞
CVE-2007-4744anyInventory environment.php 远程文件包含漏洞
CVE-2007-4743MIT Kerberos 5 KAdminD服务程序SVCAuth_GSS_Validate远程栈溢出漏洞
CVE-2007-4472Broderbund 3DGreetings Player ActiveX控件多个缓冲区溢出漏洞

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2007-4739

No comments yet

Leave a comment