
CVSS: 7.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

software-properties was vulnerable to a person-in-the-middle attack due to incorrect TLS certificate validation in softwareproperties/ppa.py. software-properties didn't check TLS certificates under python2 and only checked certificates under python3 if a valid certificate bundle was provided. Fixed in software-properties version 0.92. • https://code.launchpad.net/~cyphermox/software-properties/lp1036839/+merge/119753 https://launchpad.net/bugs/1036839 • CWE-295: Improper Certificate Validation

CVSS: 4.3 • EPSS: 0% • CPEs: 5 • EXPL: 0

ppa.py in Software Properties before 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle (MITM) attackers to spoof GPG keys for a package repository. • http://www.ubuntu.com/usn/USN-1352-1 https://bugs.launchpad.net/ubuntu/%2Bsource/software-properties/%2Bbug/915210 • CWE-20: Improper Input Validation