CVE-2024-2307

MEDIUM Year: 2024
CVSS v3 Score
6.1
Medium
Weakness Type
CWE-347
View all →

Vulnerability Description

A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built.

Related Vulnerabilities

CVE-2020-10759

MEDIUM
CVSS:6.0(Medium)

A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practic...

CWE-3472020

CVE-2025-20178

MEDIUM
CVSS:6.0(Medium)

A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker with valid administrative credentials to execute arbitrary command...

CWE-3472025

CVE-2019-1736

MEDIUM
CVSS:6.2(Medium)

A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot validation che...

CWE-3472019

CVE-2021-43392

MEDIUM
CVSS:6.2(Medium)

STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to obtain information on cryptographic secrets. This is associated with the ECDSA signature algorithm on the Java...

CWE-3472021

CVE-2021-43393

MEDIUM
CVSS:6.2(Medium)

STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to abuse signature verification. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 a...

CWE-3472021

CVE-2022-31807

HIGH
CVSS:6.2(Medium)

A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions), SiPass integrated ACC-AP (All versions). Affected devices do not properly check the integrity of firmware updat...

CWE-3472022