Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
42 vulnerabilities found for advanced_package_tool by debian
CVE-2020-27351 (GCVE-0-2020-27351)
Vulnerability from cvelistv5 – Published: 2020-12-10 04:05 – Updated: 2024-09-16 22:15
VLAI
Title
Various memory and file descriptor leaks in apt-python
Summary
Various memory and file descriptor leaks were found in apt-python files python/arfile.cc, python/tag.cc, python/tarfile.cc, aka GHSL-2020-170. This issue affects: python-apt 1.1.0~beta1 versions prior to 1.1.0~beta1ubuntu0.16.04.10; 1.6.5ubuntu0 versions prior to 1.6.5ubuntu0.4; 2.0.0ubuntu0 versions prior to 2.0.0ubuntu0.20.04.2; 2.1.3ubuntu1 versions prior to 2.1.3ubuntu1.1;
Severity
CWE
- CWE-772 - Missing Release of Resource after Effective Lifetime
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://bugs.launchpad.net/bugs/1899193 | x_refsource_MISC |
| https://usn.ubuntu.com/usn/usn-4668-1 | x_refsource_MISC |
| https://www.debian.org/security/2020/dsa-4809 | vendor-advisoryx_refsource_DEBIAN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Canonical | python-apt |
Affected:
1.1.0~beta1 , < 1.1.0~beta1ubuntu0.16.04.10
(custom)
Affected: 1.6.5ubuntu0 , < 1.6.5ubuntu0.4 (custom) Affected: 2.0.0ubuntu0 , < 2.0.0ubuntu0.20.04.2 (custom) Affected: 2.1.3ubuntu1 , < 2.1.3ubuntu1.1 (custom) |
Date Public
2020-12-09 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:11:36.602Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/bugs/1899193"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://usn.ubuntu.com/usn/usn-4668-1"
},
{
"name": "DSA-4809",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4809"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "python-apt",
"vendor": "Canonical",
"versions": [
{
"lessThan": "1.1.0~beta1ubuntu0.16.04.10",
"status": "affected",
"version": "1.1.0~beta1",
"versionType": "custom"
},
{
"lessThan": "1.6.5ubuntu0.4",
"status": "affected",
"version": "1.6.5ubuntu0",
"versionType": "custom"
},
{
"lessThan": "2.0.0ubuntu0.20.04.2",
"status": "affected",
"version": "2.0.0ubuntu0",
"versionType": "custom"
},
{
"lessThan": "2.1.3ubuntu1.1",
"status": "affected",
"version": "2.1.3ubuntu1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Kevin Backhouse"
}
],
"datePublic": "2020-12-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Various memory and file descriptor leaks were found in apt-python files python/arfile.cc, python/tag.cc, python/tarfile.cc, aka GHSL-2020-170. This issue affects: python-apt 1.1.0~beta1 versions prior to 1.1.0~beta1ubuntu0.16.04.10; 1.6.5ubuntu0 versions prior to 1.6.5ubuntu0.4; 2.0.0ubuntu0 versions prior to 2.0.0ubuntu0.20.04.2; 2.1.3ubuntu1 versions prior to 2.1.3ubuntu1.1;"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-772",
"description": "CWE-772 Missing Release of Resource after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-10T11:06:07.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/bugs/1899193"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://usn.ubuntu.com/usn/usn-4668-1"
},
{
"name": "DSA-4809",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4809"
}
],
"source": {
"advisory": "https://usn.ubuntu.com/usn/usn-4668-1",
"defect": [
"https://bugs.launchpad.net/bugs/1899193"
],
"discovery": "EXTERNAL"
},
"title": "Various memory and file descriptor leaks in apt-python",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2020-12-09T00:00:00.000Z",
"ID": "CVE-2020-27351",
"STATE": "PUBLIC",
"TITLE": "Various memory and file descriptor leaks in apt-python"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "python-apt",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.1.0~beta1",
"version_value": "1.1.0~beta1ubuntu0.16.04.10"
},
{
"version_affected": "\u003c",
"version_name": "1.6.5ubuntu0",
"version_value": "1.6.5ubuntu0.4"
},
{
"version_affected": "\u003c",
"version_name": "2.0.0ubuntu0",
"version_value": "2.0.0ubuntu0.20.04.2"
},
{
"version_affected": "\u003c",
"version_name": "2.1.3ubuntu1",
"version_value": "2.1.3ubuntu1.1"
}
]
}
}
]
},
"vendor_name": "Canonical"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Kevin Backhouse"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Various memory and file descriptor leaks were found in apt-python files python/arfile.cc, python/tag.cc, python/tarfile.cc, aka GHSL-2020-170. This issue affects: python-apt 1.1.0~beta1 versions prior to 1.1.0~beta1ubuntu0.16.04.10; 1.6.5ubuntu0 versions prior to 1.6.5ubuntu0.4; 2.0.0ubuntu0 versions prior to 2.0.0ubuntu0.20.04.2; 2.1.3ubuntu1 versions prior to 2.1.3ubuntu1.1;"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-772 Missing Release of Resource after Effective Lifetime"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/bugs/1899193",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/bugs/1899193"
},
{
"name": "https://usn.ubuntu.com/usn/usn-4668-1",
"refsource": "MISC",
"url": "https://usn.ubuntu.com/usn/usn-4668-1"
},
{
"name": "DSA-4809",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4809"
}
]
},
"source": {
"advisory": "https://usn.ubuntu.com/usn/usn-4668-1",
"defect": [
"https://bugs.launchpad.net/bugs/1899193"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2020-27351",
"datePublished": "2020-12-10T04:05:18.897Z",
"dateReserved": "2020-10-20T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:15:18.197Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27350 (GCVE-0-2020-27350)
Vulnerability from cvelistv5 – Published: 2020-12-10 04:05 – Updated: 2024-09-17 04:29
VLAI
Title
apt integer wraparound
Summary
APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions prior to 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions prior to 2.1.10ubuntu0.1;
Severity
5.7 (Medium)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://usn.ubuntu.com/usn/usn-4667-1 | x_refsource_MISC |
| https://bugs.launchpad.net/bugs/1899193 | x_refsource_MISC |
| https://www.debian.org/security/2020/dsa-4808 | vendor-advisoryx_refsource_DEBIAN |
| https://security.netapp.com/advisory/ntap-2021010… | x_refsource_CONFIRM |
Impacted products
Date Public
2020-12-09 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:11:36.654Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://usn.ubuntu.com/usn/usn-4667-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/bugs/1899193"
},
{
"name": "DSA-4808",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4808"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210108-0005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "apt",
"vendor": "Canonical",
"versions": [
{
"lessThan": "1.2.32ubuntu0.2",
"status": "affected",
"version": "1.2.32ubuntu0",
"versionType": "custom"
},
{
"lessThan": "1.6.12ubuntu0.2",
"status": "affected",
"version": "1.6.12ubuntu0",
"versionType": "custom"
},
{
"lessThan": "2.0.2ubuntu0.2",
"status": "affected",
"version": "2.0.2ubuntu0",
"versionType": "custom"
},
{
"lessThan": "2.1.10ubuntu0.1",
"status": "affected",
"version": "2.1.10ubuntu0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Kevin Backhouse"
}
],
"datePublic": "2020-12-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions prior to 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions prior to 2.1.10ubuntu0.1;"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-08T11:06:12.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://usn.ubuntu.com/usn/usn-4667-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/bugs/1899193"
},
{
"name": "DSA-4808",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4808"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210108-0005/"
}
],
"source": {
"advisory": "https://usn.ubuntu.com/usn/usn-4667-1",
"defect": [
"https://bugs.launchpad.net/bugs/1899193"
],
"discovery": "EXTERNAL"
},
"title": "apt integer wraparound",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2020-12-09T00:00:00.000Z",
"ID": "CVE-2020-27350",
"STATE": "PUBLIC",
"TITLE": "apt integer wraparound"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "apt",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.2.32ubuntu0",
"version_value": "1.2.32ubuntu0.2"
},
{
"version_affected": "\u003c",
"version_name": "1.6.12ubuntu0",
"version_value": "1.6.12ubuntu0.2"
},
{
"version_affected": "\u003c",
"version_name": "2.0.2ubuntu0",
"version_value": "2.0.2ubuntu0.2"
},
{
"version_affected": "\u003c",
"version_name": "2.1.10ubuntu0",
"version_value": "2.1.10ubuntu0.1"
}
]
}
}
]
},
"vendor_name": "Canonical"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Kevin Backhouse"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions prior to 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions prior to 2.1.10ubuntu0.1;"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190 Integer Overflow or Wraparound"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://usn.ubuntu.com/usn/usn-4667-1",
"refsource": "MISC",
"url": "https://usn.ubuntu.com/usn/usn-4667-1"
},
{
"name": "https://bugs.launchpad.net/bugs/1899193",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/bugs/1899193"
},
{
"name": "DSA-4808",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4808"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210108-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210108-0005/"
}
]
},
"source": {
"advisory": "https://usn.ubuntu.com/usn/usn-4667-1",
"defect": [
"https://bugs.launchpad.net/bugs/1899193"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2020-27350",
"datePublished": "2020-12-10T04:05:18.456Z",
"dateReserved": "2020-10-20T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:29:18.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3374 (GCVE-0-2011-3374)
Vulnerability from cvelistv5 – Published: 2019-11-25 23:13 – Updated: 2024-08-06 23:29
VLAI
Summary
It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.
Severity
No CVSS data available.
CWE
- Other
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
| https://access.redhat.com/security/cve/cve-2011-3374 | x_refsource_MISC |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug… | x_refsource_MISC |
| https://snyk.io/vuln/SNYK-LINUX-APT-116518 | x_refsource_MISC |
| https://people.canonical.com/~ubuntu-security/cve… | x_refsource_MISC |
| https://seclists.org/fulldisclosure/2011/Sep/221 | x_refsource_MISC |
| https://ubuntu.com/security/CVE-2011-3374 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:29:56.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-3374"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2011-3374"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-LINUX-APT-116518"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2011/Sep/221"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ubuntu.com/security/CVE-2011-3374"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "apt",
"vendor": "apt",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-04T12:30:35.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-3374"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2011-3374"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-LINUX-APT-116518"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/fulldisclosure/2011/Sep/221"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ubuntu.com/security/CVE-2011-3374"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-3374",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "apt",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "apt"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2011-3374",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2011-3374"
},
{
"name": "https://access.redhat.com/security/cve/cve-2011-3374",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/cve-2011-3374"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480"
},
{
"name": "https://snyk.io/vuln/SNYK-LINUX-APT-116518",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-LINUX-APT-116518"
},
{
"name": "https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html",
"refsource": "MISC",
"url": "https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html"
},
{
"name": "https://seclists.org/fulldisclosure/2011/Sep/221",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2011/Sep/221"
},
{
"name": "https://ubuntu.com/security/CVE-2011-3374",
"refsource": "MISC",
"url": "https://ubuntu.com/security/CVE-2011-3374"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-3374",
"datePublished": "2019-11-25T23:13:02.000Z",
"dateReserved": "2011-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:29:56.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3462 (GCVE-0-2019-3462)
Vulnerability from cvelistv5 – Published: 2019-01-28 21:00 – Updated: 2024-09-16 16:32
VLAI
Summary
Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.
Severity
No CVSS data available.
CWE
- Remote code execution in apt
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/106690 | vdb-entryx_refsource_BID |
| https://usn.ubuntu.com/3863-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://usn.ubuntu.com/3863-2/ | vendor-advisoryx_refsource_UBUNTU |
| https://lists.debian.org/debian-lts-announce/2019… | mailing-listx_refsource_MLIST |
| https://www.debian.org/security/2019/dsa-4371 | vendor-advisoryx_refsource_DEBIAN |
| https://lists.debian.org/debian-lts-announce/2019… | mailing-listx_refsource_MLIST |
| https://security.netapp.com/advisory/ntap-2019012… | x_refsource_CONFIRM |
| https://lists.apache.org/thread.html/8338a0f605bd… | mailing-listx_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Debian GNU/Linux | apt as used in Debian Stretch and Ubuntu |
Affected:
1.4.8 and earlier
|
Date Public
2019-01-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.590Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106690",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106690"
},
{
"name": "USN-3863-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3863-1/"
},
{
"name": "USN-3863-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3863-2/"
},
{
"name": "[debian-lts-announce] 20190122 [SECURITY] [DLA 1637-1] apt security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00013.html"
},
{
"name": "DSA-4371",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4371"
},
{
"name": "[debian-lts-announce] 20190122 [SECURITY] [DLA 1637-1] apt security update (amended)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00014.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190125-0002/"
},
{
"name": "[infra-devnull] 20190404 [GitHub] [incubator-openwhisk-runtime-ballerina] falkzoll commented on issue #15: Update to new base image jdk8u202-b08_openj9-0.12.1.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "apt as used in Debian Stretch and Ubuntu",
"vendor": "Debian GNU/Linux",
"versions": [
{
"status": "affected",
"version": "1.4.8 and earlier"
}
]
}
],
"datePublic": "2019-01-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote code execution in apt",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-04T16:06:05.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "106690",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106690"
},
{
"name": "USN-3863-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3863-1/"
},
{
"name": "USN-3863-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3863-2/"
},
{
"name": "[debian-lts-announce] 20190122 [SECURITY] [DLA 1637-1] apt security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00013.html"
},
{
"name": "DSA-4371",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4371"
},
{
"name": "[debian-lts-announce] 20190122 [SECURITY] [DLA 1637-1] apt security update (amended)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00014.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190125-0002/"
},
{
"name": "[infra-devnull] 20190404 [GitHub] [incubator-openwhisk-runtime-ballerina] falkzoll commented on issue #15: Update to new base image jdk8u202-b08_openj9-0.12.1.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"DATE_PUBLIC": "2019-01-22T00:00:00",
"ID": "CVE-2019-3462",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "apt as used in Debian Stretch and Ubuntu",
"version": {
"version_data": [
{
"version_value": "1.4.8 and earlier"
}
]
}
}
]
},
"vendor_name": "Debian GNU/Linux"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution in apt"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106690",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106690"
},
{
"name": "USN-3863-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3863-1/"
},
{
"name": "USN-3863-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3863-2/"
},
{
"name": "[debian-lts-announce] 20190122 [SECURITY] [DLA 1637-1] apt security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00013.html"
},
{
"name": "DSA-4371",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4371"
},
{
"name": "[debian-lts-announce] 20190122 [SECURITY] [DLA 1637-1] apt security update (amended)",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00014.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190125-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190125-0002/"
},
{
"name": "[infra-devnull] 20190404 [GitHub] [incubator-openwhisk-runtime-ballerina] falkzoll commented on issue #15: Update to new base image jdk8u202-b08_openj9-0.12.1.",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3Cdevnull.infra.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2019-3462",
"datePublished": "2019-01-28T21:00:00.000Z",
"dateReserved": "2018-12-31T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:32:28.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0501 (GCVE-0-2018-0501)
Vulnerability from cvelistv5 – Published: 2018-08-21 00:00 – Updated: 2024-08-05 03:28
VLAI
Summary
The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail.
Severity
No CVSS data available.
CWE
- lack of signature verification
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://mirror.fail | x_refsource_MISC |
| https://usn.ubuntu.com/3746-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://salsa.debian.org/apt-team/apt/commit/aebd… | x_refsource_MISC |
| https://salsa.debian.org/apt-team/apt/commit/2965… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | APT 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 |
Affected:
APT 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3
|
Date Public
2018-08-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:10.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mirror.fail"
},
{
"name": "USN-3746-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3746-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://salsa.debian.org/apt-team/apt/commit/aebd4278bacc728ab00ebe31556983e140f60e47"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://salsa.debian.org/apt-team/apt/commit/29658a3a74af49e2a24e17bdebb20e1612aac3ec"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "APT 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "APT 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3"
}
]
}
],
"datePublic": "2018-08-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "lack of signature verification",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-21T09:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mirror.fail"
},
{
"name": "USN-3746-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3746-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://salsa.debian.org/apt-team/apt/commit/aebd4278bacc728ab00ebe31556983e140f60e47"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://salsa.debian.org/apt-team/apt/commit/29658a3a74af49e2a24e17bdebb20e1612aac3ec"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2018-0501",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "APT 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3",
"version": {
"version_data": [
{
"version_value": "APT 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "lack of signature verification"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mirror.fail",
"refsource": "MISC",
"url": "https://mirror.fail"
},
{
"name": "USN-3746-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3746-1/"
},
{
"name": "https://salsa.debian.org/apt-team/apt/commit/aebd4278bacc728ab00ebe31556983e140f60e47",
"refsource": "MISC",
"url": "https://salsa.debian.org/apt-team/apt/commit/aebd4278bacc728ab00ebe31556983e140f60e47"
},
{
"name": "https://salsa.debian.org/apt-team/apt/commit/29658a3a74af49e2a24e17bdebb20e1612aac3ec",
"refsource": "MISC",
"url": "https://salsa.debian.org/apt-team/apt/commit/29658a3a74af49e2a24e17bdebb20e1612aac3ec"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2018-0501",
"datePublished": "2018-08-21T00:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:28:10.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1252 (GCVE-0-2016-1252)
Vulnerability from cvelistv5 – Published: 2017-12-05 16:00 – Updated: 2024-08-05 22:48
VLAI
Summary
The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection mechanism by leveraging improper error handling when validating InRelease file signatures.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://www.debian.org/security/2016/dsa-3733 | vendor-advisoryx_refsource_DEBIAN |
| http://www.ubuntu.com/usn/USN-3156-1 | vendor-advisoryx_refsource_UBUNTU |
| http://packetstormsecurity.com/files/140145/apt-R… | x_refsource_MISC |
| https://www.exploit-db.com/exploits/40916/ | exploitx_refsource_EXPLOIT-DB |
| https://bugs.launchpad.net/ubuntu/+source/apt/+bu… | x_refsource_CONFIRM |
| https://bugs.chromium.org/p/project-zero/issues/d… | x_refsource_MISC |
Date Public
2016-12-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:48:13.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3733",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2016/dsa-3733"
},
{
"name": "USN-3156-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3156-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/140145/apt-Repository-Signing-Bypass.html"
},
{
"name": "40916",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40916/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1647467"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1020"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection mechanism by leveraging improper error handling when validating InRelease file signatures."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-05T15:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "DSA-3733",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2016/dsa-3733"
},
{
"name": "USN-3156-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3156-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/140145/apt-Repository-Signing-Bypass.html"
},
{
"name": "40916",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40916/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1647467"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1020"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2016-1252",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection mechanism by leveraging improper error handling when validating InRelease file signatures."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3733",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2016/dsa-3733"
},
{
"name": "USN-3156-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3156-1"
},
{
"name": "http://packetstormsecurity.com/files/140145/apt-Repository-Signing-Bypass.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/140145/apt-Repository-Signing-Bypass.html"
},
{
"name": "40916",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40916/"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1647467",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1647467"
},
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1020",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1020"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2016-1252",
"datePublished": "2017-12-05T16:00:00.000Z",
"dateReserved": "2015-12-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T22:48:13.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0487 (GCVE-0-2014-0487)
Vulnerability from cvelistv5 – Published: 2014-11-03 22:00 – Updated: 2024-08-06 09:20
VLAI
Summary
APT before 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since header, which has unspecified impact and attack vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/61286 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/61275 | third-party-advisoryx_refsource_SECUNIA |
| http://ubuntu.com/usn/usn-2348-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.debian.org/security/2014/dsa-3025 | vendor-advisoryx_refsource_DEBIAN |
Date Public
2014-09-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:20:18.574Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "61286",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61286"
},
{
"name": "61275",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61275"
},
{
"name": "USN-2348-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-2348-1"
},
{
"name": "DSA-3025",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3025"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "APT before 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since header, which has unspecified impact and attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-03T21:57:00.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "61286",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61286"
},
{
"name": "61275",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61275"
},
{
"name": "USN-2348-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-2348-1"
},
{
"name": "DSA-3025",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3025"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2014-0487",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "APT before 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since header, which has unspecified impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "61286",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61286"
},
{
"name": "61275",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61275"
},
{
"name": "USN-2348-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-2348-1"
},
{
"name": "DSA-3025",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3025"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2014-0487",
"datePublished": "2014-11-03T22:00:00.000Z",
"dateReserved": "2013-12-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:20:18.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0490 (GCVE-0-2014-0490)
Vulnerability from cvelistv5 – Published: 2014-11-03 22:00 – Updated: 2024-08-06 09:20
VLAI
Summary
The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/61286 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/61275 | third-party-advisoryx_refsource_SECUNIA |
| http://ubuntu.com/usn/usn-2348-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.debian.org/security/2014/dsa-3025 | vendor-advisoryx_refsource_DEBIAN |
Date Public
2014-09-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:20:18.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "61286",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61286"
},
{
"name": "61275",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61275"
},
{
"name": "USN-2348-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-2348-1"
},
{
"name": "DSA-3025",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3025"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-03T21:57:00.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "61286",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61286"
},
{
"name": "61275",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61275"
},
{
"name": "USN-2348-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-2348-1"
},
{
"name": "DSA-3025",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3025"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2014-0490",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "61286",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61286"
},
{
"name": "61275",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61275"
},
{
"name": "USN-2348-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-2348-1"
},
{
"name": "DSA-3025",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3025"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2014-0490",
"datePublished": "2014-11-03T22:00:00.000Z",
"dateReserved": "2013-12-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:20:18.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0488 (GCVE-0-2014-0488)
Vulnerability from cvelistv5 – Published: 2014-11-03 22:00 – Updated: 2024-08-06 09:20
VLAI
Summary
APT before 1.0.9 does not "invalidate repository data" when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/61286 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/61275 | third-party-advisoryx_refsource_SECUNIA |
| http://ubuntu.com/usn/usn-2348-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.debian.org/security/2014/dsa-3025 | vendor-advisoryx_refsource_DEBIAN |
Date Public
2014-09-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:20:18.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "61286",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61286"
},
{
"name": "61275",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61275"
},
{
"name": "USN-2348-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-2348-1"
},
{
"name": "DSA-3025",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3025"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "APT before 1.0.9 does not \"invalidate repository data\" when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-03T21:57:00.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "61286",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61286"
},
{
"name": "61275",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61275"
},
{
"name": "USN-2348-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-2348-1"
},
{
"name": "DSA-3025",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3025"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2014-0488",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "APT before 1.0.9 does not \"invalidate repository data\" when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "61286",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61286"
},
{
"name": "61275",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61275"
},
{
"name": "USN-2348-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-2348-1"
},
{
"name": "DSA-3025",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3025"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2014-0488",
"datePublished": "2014-11-03T22:00:00.000Z",
"dateReserved": "2013-12-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:20:18.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0489 (GCVE-0-2014-0489)
Vulnerability from cvelistv5 – Published: 2014-11-03 22:00 – Updated: 2024-08-06 09:20
VLAI
Summary
APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/61286 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/61275 | third-party-advisoryx_refsource_SECUNIA |
| http://ubuntu.com/usn/usn-2348-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.debian.org/security/2014/dsa-3025 | vendor-advisoryx_refsource_DEBIAN |
Date Public
2014-09-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:20:18.508Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "61286",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61286"
},
{
"name": "61275",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61275"
},
{
"name": "USN-2348-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-2348-1"
},
{
"name": "DSA-3025",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3025"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-03T21:57:00.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "61286",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61286"
},
{
"name": "61275",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61275"
},
{
"name": "USN-2348-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-2348-1"
},
{
"name": "DSA-3025",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3025"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2014-0489",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "61286",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61286"
},
{
"name": "61275",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61275"
},
{
"name": "USN-2348-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-2348-1"
},
{
"name": "DSA-3025",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3025"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2014-0489",
"datePublished": "2014-11-03T22:00:00.000Z",
"dateReserved": "2013-12-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:20:18.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-7206 (GCVE-0-2014-7206)
Vulnerability from cvelistv5 – Published: 2014-10-15 14:00 – Updated: 2024-08-06 12:40
VLAI
Summary
The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/61333 | third-party-advisoryx_refsource_SECUNIA |
| http://www.debian.org/security/2014/dsa-3048 | vendor-advisoryx_refsource_DEBIAN |
| http://secunia.com/advisories/61768 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/61158 | third-party-advisoryx_refsource_SECUNIA |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/70310 | vdb-entryx_refsource_BID |
| http://www.ubuntu.com/usn/USN-2370-1 | vendor-advisoryx_refsource_UBUNTU |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2014-10-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:40:19.187Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "61333",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61333"
},
{
"name": "DSA-3048",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3048"
},
{
"name": "61768",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61768"
},
{
"name": "61158",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61158"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763780"
},
{
"name": "70310",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70310"
},
{
"name": "USN-2370-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2370-1"
},
{
"name": "apt-cve20147206-symlink(96951)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96951"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "61333",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61333"
},
{
"name": "DSA-3048",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3048"
},
{
"name": "61768",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61768"
},
{
"name": "61158",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61158"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763780"
},
{
"name": "70310",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70310"
},
{
"name": "USN-2370-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2370-1"
},
{
"name": "apt-cve20147206-symlink(96951)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96951"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2014-7206",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "61333",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61333"
},
{
"name": "DSA-3048",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3048"
},
{
"name": "61768",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61768"
},
{
"name": "61158",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61158"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763780",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763780"
},
{
"name": "70310",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70310"
},
{
"name": "USN-2370-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2370-1"
},
{
"name": "apt-cve20147206-symlink(96951)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96951"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2014-7206",
"datePublished": "2014-10-15T14:00:00.000Z",
"dateReserved": "2014-09-27T00:00:00.000Z",
"dateUpdated": "2024-08-06T12:40:19.187Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-6273 (GCVE-0-2014-6273)
Vulnerability from cvelistv5 – Published: 2014-09-30 14:00 – Updated: 2024-08-06 12:10
VLAI
Summary
Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted URL.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.ubuntu.com/usn/USN-2353-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.securityfocus.com/bid/70075 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/61710 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.debian.org/security/2014/dsa-3031 | vendor-advisoryx_refsource_DEBIAN |
| http://secunia.com/advisories/61605 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2014-09-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:10:13.271Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2353-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2353-1"
},
{
"name": "70075",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70075"
},
{
"name": "61710",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61710"
},
{
"name": "apt-cve20146273-bo(96151)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96151"
},
{
"name": "DSA-3031",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3031"
},
{
"name": "61605",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61605"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "USN-2353-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2353-1"
},
{
"name": "70075",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70075"
},
{
"name": "61710",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61710"
},
{
"name": "apt-cve20146273-bo(96151)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96151"
},
{
"name": "DSA-3031",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3031"
},
{
"name": "61605",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61605"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2014-6273",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2353-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2353-1"
},
{
"name": "70075",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70075"
},
{
"name": "61710",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61710"
},
{
"name": "apt-cve20146273-bo(96151)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96151"
},
{
"name": "DSA-3031",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3031"
},
{
"name": "61605",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61605"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2014-6273",
"datePublished": "2014-09-30T14:00:00.000Z",
"dateReserved": "2014-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T12:10:13.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0478 (GCVE-0-2014-0478)
Vulnerability from cvelistv5 – Published: 2014-06-17 14:00 – Updated: 2024-08-06 09:20
VLAI
Summary
APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/58843 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/59358 | third-party-advisoryx_refsource_SECUNIA |
| http://www.debian.org/security/2014/dsa-2958 | vendor-advisoryx_refsource_DEBIAN |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug… | x_refsource_CONFIRM |
| http://www.ubuntu.com/usn/USN-2246-1 | vendor-advisoryx_refsource_UBUNTU |
Date Public
2014-06-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:20:18.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "58843",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/58843"
},
{
"name": "59358",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59358"
},
{
"name": "DSA-2958",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2958"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749795"
},
{
"name": "USN-2246-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2246-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-21T15:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "58843",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/58843"
},
{
"name": "59358",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59358"
},
{
"name": "DSA-2958",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2958"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749795"
},
{
"name": "USN-2246-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2246-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2014-0478",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "58843",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58843"
},
{
"name": "59358",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59358"
},
{
"name": "DSA-2958",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2958"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749795",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749795"
},
{
"name": "USN-2246-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2246-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2014-0478",
"datePublished": "2014-06-17T14:00:00.000Z",
"dateReserved": "2013-12-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:20:18.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3634 (GCVE-0-2011-3634)
Vulnerability from cvelistv5 – Published: 2014-02-28 18:00 – Updated: 2024-08-06 23:37
VLAI
Summary
methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.ubuntu.com/usn/USN-1283-1 | vendor-advisoryx_refsource_UBUNTU |
| https://alioth.debian.org/plugins/scmgit/cgi-bin/… | x_refsource_CONFIRM |
| http://people.canonical.com/~ubuntu-security/cve/… | x_refsource_CONFIRM |
| https://bugs.launchpad.net/ubuntu/+source/apt/+bu… | x_refsource_CONFIRM |
Date Public
2011-11-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:48.626Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-1283-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1283-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://alioth.debian.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=apt/apt.git%3Ba=blob%3Bf=debian/changelog%3Bhb=HEAD"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3634.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/868353"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-11-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-02-28T17:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-1283-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1283-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://alioth.debian.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=apt/apt.git%3Ba=blob%3Bf=debian/changelog%3Bhb=HEAD"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3634.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/868353"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-3634",
"datePublished": "2014-02-28T18:00:00.000Z",
"dateReserved": "2011-09-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:37:48.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1051 (GCVE-0-2013-1051)
Vulnerability from cvelistv5 – Published: 2013-03-21 17:00 – Updated: 2024-09-17 02:47
VLAI
Summary
apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://osvdb.org/91428 | vdb-entryx_refsource_OSVDB |
| http://www.ubuntu.com/usn/USN-1762-1 | vendor-advisoryx_refsource_UBUNTU |
| http://secunia.com/advisories/52633 | third-party-advisoryx_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:49:20.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "91428",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/91428"
},
{
"name": "USN-1762-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1762-1"
},
{
"name": "52633",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52633"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-21T17:00:00.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "91428",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/91428"
},
{
"name": "USN-1762-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1762-1"
},
{
"name": "52633",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52633"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2013-1051",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "91428",
"refsource": "OSVDB",
"url": "http://osvdb.org/91428"
},
{
"name": "USN-1762-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1762-1"
},
{
"name": "52633",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52633"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2013-1051",
"datePublished": "2013-03-21T17:00:00.000Z",
"dateReserved": "2013-01-11T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:47:34.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27350 (GCVE-0-2020-27350)
Vulnerability from nvd – Published: 2020-12-10 04:05 – Updated: 2024-09-17 04:29
VLAI
Title
apt integer wraparound
Summary
APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions prior to 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions prior to 2.1.10ubuntu0.1;
Severity
5.7 (Medium)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://usn.ubuntu.com/usn/usn-4667-1 | x_refsource_MISC |
| https://bugs.launchpad.net/bugs/1899193 | x_refsource_MISC |
| https://www.debian.org/security/2020/dsa-4808 | vendor-advisoryx_refsource_DEBIAN |
| https://security.netapp.com/advisory/ntap-2021010… | x_refsource_CONFIRM |
Impacted products
Date Public
2020-12-09 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:11:36.654Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://usn.ubuntu.com/usn/usn-4667-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/bugs/1899193"
},
{
"name": "DSA-4808",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4808"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210108-0005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "apt",
"vendor": "Canonical",
"versions": [
{
"lessThan": "1.2.32ubuntu0.2",
"status": "affected",
"version": "1.2.32ubuntu0",
"versionType": "custom"
},
{
"lessThan": "1.6.12ubuntu0.2",
"status": "affected",
"version": "1.6.12ubuntu0",
"versionType": "custom"
},
{
"lessThan": "2.0.2ubuntu0.2",
"status": "affected",
"version": "2.0.2ubuntu0",
"versionType": "custom"
},
{
"lessThan": "2.1.10ubuntu0.1",
"status": "affected",
"version": "2.1.10ubuntu0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Kevin Backhouse"
}
],
"datePublic": "2020-12-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions prior to 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions prior to 2.1.10ubuntu0.1;"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-08T11:06:12.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://usn.ubuntu.com/usn/usn-4667-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/bugs/1899193"
},
{
"name": "DSA-4808",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4808"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210108-0005/"
}
],
"source": {
"advisory": "https://usn.ubuntu.com/usn/usn-4667-1",
"defect": [
"https://bugs.launchpad.net/bugs/1899193"
],
"discovery": "EXTERNAL"
},
"title": "apt integer wraparound",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2020-12-09T00:00:00.000Z",
"ID": "CVE-2020-27350",
"STATE": "PUBLIC",
"TITLE": "apt integer wraparound"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "apt",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.2.32ubuntu0",
"version_value": "1.2.32ubuntu0.2"
},
{
"version_affected": "\u003c",
"version_name": "1.6.12ubuntu0",
"version_value": "1.6.12ubuntu0.2"
},
{
"version_affected": "\u003c",
"version_name": "2.0.2ubuntu0",
"version_value": "2.0.2ubuntu0.2"
},
{
"version_affected": "\u003c",
"version_name": "2.1.10ubuntu0",
"version_value": "2.1.10ubuntu0.1"
}
]
}
}
]
},
"vendor_name": "Canonical"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Kevin Backhouse"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions prior to 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions prior to 2.1.10ubuntu0.1;"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190 Integer Overflow or Wraparound"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://usn.ubuntu.com/usn/usn-4667-1",
"refsource": "MISC",
"url": "https://usn.ubuntu.com/usn/usn-4667-1"
},
{
"name": "https://bugs.launchpad.net/bugs/1899193",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/bugs/1899193"
},
{
"name": "DSA-4808",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4808"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210108-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210108-0005/"
}
]
},
"source": {
"advisory": "https://usn.ubuntu.com/usn/usn-4667-1",
"defect": [
"https://bugs.launchpad.net/bugs/1899193"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2020-27350",
"datePublished": "2020-12-10T04:05:18.456Z",
"dateReserved": "2020-10-20T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:29:18.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27351 (GCVE-0-2020-27351)
Vulnerability from nvd – Published: 2020-12-10 04:05 – Updated: 2024-09-16 22:15
VLAI
Title
Various memory and file descriptor leaks in apt-python
Summary
Various memory and file descriptor leaks were found in apt-python files python/arfile.cc, python/tag.cc, python/tarfile.cc, aka GHSL-2020-170. This issue affects: python-apt 1.1.0~beta1 versions prior to 1.1.0~beta1ubuntu0.16.04.10; 1.6.5ubuntu0 versions prior to 1.6.5ubuntu0.4; 2.0.0ubuntu0 versions prior to 2.0.0ubuntu0.20.04.2; 2.1.3ubuntu1 versions prior to 2.1.3ubuntu1.1;
Severity
CWE
- CWE-772 - Missing Release of Resource after Effective Lifetime
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://bugs.launchpad.net/bugs/1899193 | x_refsource_MISC |
| https://usn.ubuntu.com/usn/usn-4668-1 | x_refsource_MISC |
| https://www.debian.org/security/2020/dsa-4809 | vendor-advisoryx_refsource_DEBIAN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Canonical | python-apt |
Affected:
1.1.0~beta1 , < 1.1.0~beta1ubuntu0.16.04.10
(custom)
Affected: 1.6.5ubuntu0 , < 1.6.5ubuntu0.4 (custom) Affected: 2.0.0ubuntu0 , < 2.0.0ubuntu0.20.04.2 (custom) Affected: 2.1.3ubuntu1 , < 2.1.3ubuntu1.1 (custom) |
Date Public
2020-12-09 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:11:36.602Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/bugs/1899193"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://usn.ubuntu.com/usn/usn-4668-1"
},
{
"name": "DSA-4809",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4809"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "python-apt",
"vendor": "Canonical",
"versions": [
{
"lessThan": "1.1.0~beta1ubuntu0.16.04.10",
"status": "affected",
"version": "1.1.0~beta1",
"versionType": "custom"
},
{
"lessThan": "1.6.5ubuntu0.4",
"status": "affected",
"version": "1.6.5ubuntu0",
"versionType": "custom"
},
{
"lessThan": "2.0.0ubuntu0.20.04.2",
"status": "affected",
"version": "2.0.0ubuntu0",
"versionType": "custom"
},
{
"lessThan": "2.1.3ubuntu1.1",
"status": "affected",
"version": "2.1.3ubuntu1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Kevin Backhouse"
}
],
"datePublic": "2020-12-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Various memory and file descriptor leaks were found in apt-python files python/arfile.cc, python/tag.cc, python/tarfile.cc, aka GHSL-2020-170. This issue affects: python-apt 1.1.0~beta1 versions prior to 1.1.0~beta1ubuntu0.16.04.10; 1.6.5ubuntu0 versions prior to 1.6.5ubuntu0.4; 2.0.0ubuntu0 versions prior to 2.0.0ubuntu0.20.04.2; 2.1.3ubuntu1 versions prior to 2.1.3ubuntu1.1;"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-772",
"description": "CWE-772 Missing Release of Resource after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-10T11:06:07.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/bugs/1899193"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://usn.ubuntu.com/usn/usn-4668-1"
},
{
"name": "DSA-4809",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4809"
}
],
"source": {
"advisory": "https://usn.ubuntu.com/usn/usn-4668-1",
"defect": [
"https://bugs.launchpad.net/bugs/1899193"
],
"discovery": "EXTERNAL"
},
"title": "Various memory and file descriptor leaks in apt-python",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2020-12-09T00:00:00.000Z",
"ID": "CVE-2020-27351",
"STATE": "PUBLIC",
"TITLE": "Various memory and file descriptor leaks in apt-python"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "python-apt",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.1.0~beta1",
"version_value": "1.1.0~beta1ubuntu0.16.04.10"
},
{
"version_affected": "\u003c",
"version_name": "1.6.5ubuntu0",
"version_value": "1.6.5ubuntu0.4"
},
{
"version_affected": "\u003c",
"version_name": "2.0.0ubuntu0",
"version_value": "2.0.0ubuntu0.20.04.2"
},
{
"version_affected": "\u003c",
"version_name": "2.1.3ubuntu1",
"version_value": "2.1.3ubuntu1.1"
}
]
}
}
]
},
"vendor_name": "Canonical"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Kevin Backhouse"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Various memory and file descriptor leaks were found in apt-python files python/arfile.cc, python/tag.cc, python/tarfile.cc, aka GHSL-2020-170. This issue affects: python-apt 1.1.0~beta1 versions prior to 1.1.0~beta1ubuntu0.16.04.10; 1.6.5ubuntu0 versions prior to 1.6.5ubuntu0.4; 2.0.0ubuntu0 versions prior to 2.0.0ubuntu0.20.04.2; 2.1.3ubuntu1 versions prior to 2.1.3ubuntu1.1;"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-772 Missing Release of Resource after Effective Lifetime"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/bugs/1899193",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/bugs/1899193"
},
{
"name": "https://usn.ubuntu.com/usn/usn-4668-1",
"refsource": "MISC",
"url": "https://usn.ubuntu.com/usn/usn-4668-1"
},
{
"name": "DSA-4809",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4809"
}
]
},
"source": {
"advisory": "https://usn.ubuntu.com/usn/usn-4668-1",
"defect": [
"https://bugs.launchpad.net/bugs/1899193"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2020-27351",
"datePublished": "2020-12-10T04:05:18.897Z",
"dateReserved": "2020-10-20T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:15:18.197Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3374 (GCVE-0-2011-3374)
Vulnerability from nvd – Published: 2019-11-25 23:13 – Updated: 2024-08-06 23:29
VLAI
Summary
It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.
Severity
No CVSS data available.
CWE
- Other
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
| https://access.redhat.com/security/cve/cve-2011-3374 | x_refsource_MISC |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug… | x_refsource_MISC |
| https://snyk.io/vuln/SNYK-LINUX-APT-116518 | x_refsource_MISC |
| https://people.canonical.com/~ubuntu-security/cve… | x_refsource_MISC |
| https://seclists.org/fulldisclosure/2011/Sep/221 | x_refsource_MISC |
| https://ubuntu.com/security/CVE-2011-3374 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:29:56.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-3374"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2011-3374"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-LINUX-APT-116518"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2011/Sep/221"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ubuntu.com/security/CVE-2011-3374"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "apt",
"vendor": "apt",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-04T12:30:35.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-3374"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2011-3374"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-LINUX-APT-116518"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/fulldisclosure/2011/Sep/221"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ubuntu.com/security/CVE-2011-3374"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-3374",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "apt",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "apt"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2011-3374",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2011-3374"
},
{
"name": "https://access.redhat.com/security/cve/cve-2011-3374",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/cve-2011-3374"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480"
},
{
"name": "https://snyk.io/vuln/SNYK-LINUX-APT-116518",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-LINUX-APT-116518"
},
{
"name": "https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html",
"refsource": "MISC",
"url": "https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html"
},
{
"name": "https://seclists.org/fulldisclosure/2011/Sep/221",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2011/Sep/221"
},
{
"name": "https://ubuntu.com/security/CVE-2011-3374",
"refsource": "MISC",
"url": "https://ubuntu.com/security/CVE-2011-3374"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-3374",
"datePublished": "2019-11-25T23:13:02.000Z",
"dateReserved": "2011-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:29:56.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3462 (GCVE-0-2019-3462)
Vulnerability from nvd – Published: 2019-01-28 21:00 – Updated: 2024-09-16 16:32
VLAI
Summary
Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.
Severity
No CVSS data available.
CWE
- Remote code execution in apt
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/106690 | vdb-entryx_refsource_BID |
| https://usn.ubuntu.com/3863-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://usn.ubuntu.com/3863-2/ | vendor-advisoryx_refsource_UBUNTU |
| https://lists.debian.org/debian-lts-announce/2019… | mailing-listx_refsource_MLIST |
| https://www.debian.org/security/2019/dsa-4371 | vendor-advisoryx_refsource_DEBIAN |
| https://lists.debian.org/debian-lts-announce/2019… | mailing-listx_refsource_MLIST |
| https://security.netapp.com/advisory/ntap-2019012… | x_refsource_CONFIRM |
| https://lists.apache.org/thread.html/8338a0f605bd… | mailing-listx_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Debian GNU/Linux | apt as used in Debian Stretch and Ubuntu |
Affected:
1.4.8 and earlier
|
Date Public
2019-01-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.590Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106690",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106690"
},
{
"name": "USN-3863-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3863-1/"
},
{
"name": "USN-3863-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3863-2/"
},
{
"name": "[debian-lts-announce] 20190122 [SECURITY] [DLA 1637-1] apt security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00013.html"
},
{
"name": "DSA-4371",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4371"
},
{
"name": "[debian-lts-announce] 20190122 [SECURITY] [DLA 1637-1] apt security update (amended)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00014.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190125-0002/"
},
{
"name": "[infra-devnull] 20190404 [GitHub] [incubator-openwhisk-runtime-ballerina] falkzoll commented on issue #15: Update to new base image jdk8u202-b08_openj9-0.12.1.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "apt as used in Debian Stretch and Ubuntu",
"vendor": "Debian GNU/Linux",
"versions": [
{
"status": "affected",
"version": "1.4.8 and earlier"
}
]
}
],
"datePublic": "2019-01-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote code execution in apt",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-04T16:06:05.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "106690",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106690"
},
{
"name": "USN-3863-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3863-1/"
},
{
"name": "USN-3863-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3863-2/"
},
{
"name": "[debian-lts-announce] 20190122 [SECURITY] [DLA 1637-1] apt security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00013.html"
},
{
"name": "DSA-4371",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4371"
},
{
"name": "[debian-lts-announce] 20190122 [SECURITY] [DLA 1637-1] apt security update (amended)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00014.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190125-0002/"
},
{
"name": "[infra-devnull] 20190404 [GitHub] [incubator-openwhisk-runtime-ballerina] falkzoll commented on issue #15: Update to new base image jdk8u202-b08_openj9-0.12.1.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"DATE_PUBLIC": "2019-01-22T00:00:00",
"ID": "CVE-2019-3462",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "apt as used in Debian Stretch and Ubuntu",
"version": {
"version_data": [
{
"version_value": "1.4.8 and earlier"
}
]
}
}
]
},
"vendor_name": "Debian GNU/Linux"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution in apt"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106690",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106690"
},
{
"name": "USN-3863-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3863-1/"
},
{
"name": "USN-3863-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3863-2/"
},
{
"name": "[debian-lts-announce] 20190122 [SECURITY] [DLA 1637-1] apt security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00013.html"
},
{
"name": "DSA-4371",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4371"
},
{
"name": "[debian-lts-announce] 20190122 [SECURITY] [DLA 1637-1] apt security update (amended)",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00014.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190125-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190125-0002/"
},
{
"name": "[infra-devnull] 20190404 [GitHub] [incubator-openwhisk-runtime-ballerina] falkzoll commented on issue #15: Update to new base image jdk8u202-b08_openj9-0.12.1.",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3Cdevnull.infra.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2019-3462",
"datePublished": "2019-01-28T21:00:00.000Z",
"dateReserved": "2018-12-31T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:32:28.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0501 (GCVE-0-2018-0501)
Vulnerability from nvd – Published: 2018-08-21 00:00 – Updated: 2024-08-05 03:28
VLAI
Summary
The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail.
Severity
No CVSS data available.
CWE
- lack of signature verification
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://mirror.fail | x_refsource_MISC |
| https://usn.ubuntu.com/3746-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://salsa.debian.org/apt-team/apt/commit/aebd… | x_refsource_MISC |
| https://salsa.debian.org/apt-team/apt/commit/2965… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | APT 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 |
Affected:
APT 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3
|
Date Public
2018-08-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:10.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mirror.fail"
},
{
"name": "USN-3746-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3746-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://salsa.debian.org/apt-team/apt/commit/aebd4278bacc728ab00ebe31556983e140f60e47"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://salsa.debian.org/apt-team/apt/commit/29658a3a74af49e2a24e17bdebb20e1612aac3ec"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "APT 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "APT 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3"
}
]
}
],
"datePublic": "2018-08-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "lack of signature verification",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-21T09:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mirror.fail"
},
{
"name": "USN-3746-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3746-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://salsa.debian.org/apt-team/apt/commit/aebd4278bacc728ab00ebe31556983e140f60e47"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://salsa.debian.org/apt-team/apt/commit/29658a3a74af49e2a24e17bdebb20e1612aac3ec"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2018-0501",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "APT 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3",
"version": {
"version_data": [
{
"version_value": "APT 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "lack of signature verification"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mirror.fail",
"refsource": "MISC",
"url": "https://mirror.fail"
},
{
"name": "USN-3746-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3746-1/"
},
{
"name": "https://salsa.debian.org/apt-team/apt/commit/aebd4278bacc728ab00ebe31556983e140f60e47",
"refsource": "MISC",
"url": "https://salsa.debian.org/apt-team/apt/commit/aebd4278bacc728ab00ebe31556983e140f60e47"
},
{
"name": "https://salsa.debian.org/apt-team/apt/commit/29658a3a74af49e2a24e17bdebb20e1612aac3ec",
"refsource": "MISC",
"url": "https://salsa.debian.org/apt-team/apt/commit/29658a3a74af49e2a24e17bdebb20e1612aac3ec"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2018-0501",
"datePublished": "2018-08-21T00:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:28:10.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1252 (GCVE-0-2016-1252)
Vulnerability from nvd – Published: 2017-12-05 16:00 – Updated: 2024-08-05 22:48
VLAI
Summary
The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection mechanism by leveraging improper error handling when validating InRelease file signatures.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://www.debian.org/security/2016/dsa-3733 | vendor-advisoryx_refsource_DEBIAN |
| http://www.ubuntu.com/usn/USN-3156-1 | vendor-advisoryx_refsource_UBUNTU |
| http://packetstormsecurity.com/files/140145/apt-R… | x_refsource_MISC |
| https://www.exploit-db.com/exploits/40916/ | exploitx_refsource_EXPLOIT-DB |
| https://bugs.launchpad.net/ubuntu/+source/apt/+bu… | x_refsource_CONFIRM |
| https://bugs.chromium.org/p/project-zero/issues/d… | x_refsource_MISC |
Date Public
2016-12-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:48:13.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3733",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2016/dsa-3733"
},
{
"name": "USN-3156-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3156-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/140145/apt-Repository-Signing-Bypass.html"
},
{
"name": "40916",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40916/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1647467"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1020"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection mechanism by leveraging improper error handling when validating InRelease file signatures."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-05T15:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "DSA-3733",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2016/dsa-3733"
},
{
"name": "USN-3156-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3156-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/140145/apt-Repository-Signing-Bypass.html"
},
{
"name": "40916",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40916/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1647467"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1020"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2016-1252",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection mechanism by leveraging improper error handling when validating InRelease file signatures."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3733",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2016/dsa-3733"
},
{
"name": "USN-3156-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3156-1"
},
{
"name": "http://packetstormsecurity.com/files/140145/apt-Repository-Signing-Bypass.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/140145/apt-Repository-Signing-Bypass.html"
},
{
"name": "40916",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40916/"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1647467",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1647467"
},
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1020",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1020"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2016-1252",
"datePublished": "2017-12-05T16:00:00.000Z",
"dateReserved": "2015-12-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T22:48:13.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0490 (GCVE-0-2014-0490)
Vulnerability from nvd – Published: 2014-11-03 22:00 – Updated: 2024-08-06 09:20
VLAI
Summary
The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/61286 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/61275 | third-party-advisoryx_refsource_SECUNIA |
| http://ubuntu.com/usn/usn-2348-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.debian.org/security/2014/dsa-3025 | vendor-advisoryx_refsource_DEBIAN |
Date Public
2014-09-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:20:18.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "61286",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61286"
},
{
"name": "61275",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61275"
},
{
"name": "USN-2348-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-2348-1"
},
{
"name": "DSA-3025",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3025"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-03T21:57:00.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "61286",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61286"
},
{
"name": "61275",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61275"
},
{
"name": "USN-2348-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-2348-1"
},
{
"name": "DSA-3025",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3025"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2014-0490",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "61286",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61286"
},
{
"name": "61275",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61275"
},
{
"name": "USN-2348-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-2348-1"
},
{
"name": "DSA-3025",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3025"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2014-0490",
"datePublished": "2014-11-03T22:00:00.000Z",
"dateReserved": "2013-12-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:20:18.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0489 (GCVE-0-2014-0489)
Vulnerability from nvd – Published: 2014-11-03 22:00 – Updated: 2024-08-06 09:20
VLAI
Summary
APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/61286 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/61275 | third-party-advisoryx_refsource_SECUNIA |
| http://ubuntu.com/usn/usn-2348-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.debian.org/security/2014/dsa-3025 | vendor-advisoryx_refsource_DEBIAN |
Date Public
2014-09-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:20:18.508Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "61286",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61286"
},
{
"name": "61275",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61275"
},
{
"name": "USN-2348-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-2348-1"
},
{
"name": "DSA-3025",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3025"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-03T21:57:00.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "61286",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61286"
},
{
"name": "61275",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61275"
},
{
"name": "USN-2348-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-2348-1"
},
{
"name": "DSA-3025",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3025"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2014-0489",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "61286",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61286"
},
{
"name": "61275",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61275"
},
{
"name": "USN-2348-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-2348-1"
},
{
"name": "DSA-3025",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3025"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2014-0489",
"datePublished": "2014-11-03T22:00:00.000Z",
"dateReserved": "2013-12-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:20:18.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0488 (GCVE-0-2014-0488)
Vulnerability from nvd – Published: 2014-11-03 22:00 – Updated: 2024-08-06 09:20
VLAI
Summary
APT before 1.0.9 does not "invalidate repository data" when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/61286 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/61275 | third-party-advisoryx_refsource_SECUNIA |
| http://ubuntu.com/usn/usn-2348-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.debian.org/security/2014/dsa-3025 | vendor-advisoryx_refsource_DEBIAN |
Date Public
2014-09-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:20:18.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "61286",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61286"
},
{
"name": "61275",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61275"
},
{
"name": "USN-2348-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-2348-1"
},
{
"name": "DSA-3025",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3025"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "APT before 1.0.9 does not \"invalidate repository data\" when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-03T21:57:00.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "61286",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61286"
},
{
"name": "61275",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61275"
},
{
"name": "USN-2348-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-2348-1"
},
{
"name": "DSA-3025",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3025"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2014-0488",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "APT before 1.0.9 does not \"invalidate repository data\" when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "61286",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61286"
},
{
"name": "61275",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61275"
},
{
"name": "USN-2348-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-2348-1"
},
{
"name": "DSA-3025",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3025"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2014-0488",
"datePublished": "2014-11-03T22:00:00.000Z",
"dateReserved": "2013-12-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:20:18.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0487 (GCVE-0-2014-0487)
Vulnerability from nvd – Published: 2014-11-03 22:00 – Updated: 2024-08-06 09:20
VLAI
Summary
APT before 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since header, which has unspecified impact and attack vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/61286 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/61275 | third-party-advisoryx_refsource_SECUNIA |
| http://ubuntu.com/usn/usn-2348-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.debian.org/security/2014/dsa-3025 | vendor-advisoryx_refsource_DEBIAN |
Date Public
2014-09-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:20:18.574Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "61286",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61286"
},
{
"name": "61275",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61275"
},
{
"name": "USN-2348-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-2348-1"
},
{
"name": "DSA-3025",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3025"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "APT before 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since header, which has unspecified impact and attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-03T21:57:00.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "61286",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61286"
},
{
"name": "61275",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61275"
},
{
"name": "USN-2348-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-2348-1"
},
{
"name": "DSA-3025",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3025"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2014-0487",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "APT before 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since header, which has unspecified impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "61286",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61286"
},
{
"name": "61275",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61275"
},
{
"name": "USN-2348-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-2348-1"
},
{
"name": "DSA-3025",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3025"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2014-0487",
"datePublished": "2014-11-03T22:00:00.000Z",
"dateReserved": "2013-12-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:20:18.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-7206 (GCVE-0-2014-7206)
Vulnerability from nvd – Published: 2014-10-15 14:00 – Updated: 2024-08-06 12:40
VLAI
Summary
The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/61333 | third-party-advisoryx_refsource_SECUNIA |
| http://www.debian.org/security/2014/dsa-3048 | vendor-advisoryx_refsource_DEBIAN |
| http://secunia.com/advisories/61768 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/61158 | third-party-advisoryx_refsource_SECUNIA |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/70310 | vdb-entryx_refsource_BID |
| http://www.ubuntu.com/usn/USN-2370-1 | vendor-advisoryx_refsource_UBUNTU |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2014-10-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:40:19.187Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "61333",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61333"
},
{
"name": "DSA-3048",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3048"
},
{
"name": "61768",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61768"
},
{
"name": "61158",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61158"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763780"
},
{
"name": "70310",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70310"
},
{
"name": "USN-2370-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2370-1"
},
{
"name": "apt-cve20147206-symlink(96951)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96951"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "61333",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61333"
},
{
"name": "DSA-3048",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3048"
},
{
"name": "61768",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61768"
},
{
"name": "61158",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61158"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763780"
},
{
"name": "70310",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70310"
},
{
"name": "USN-2370-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2370-1"
},
{
"name": "apt-cve20147206-symlink(96951)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96951"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2014-7206",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "61333",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61333"
},
{
"name": "DSA-3048",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3048"
},
{
"name": "61768",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61768"
},
{
"name": "61158",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61158"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763780",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763780"
},
{
"name": "70310",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70310"
},
{
"name": "USN-2370-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2370-1"
},
{
"name": "apt-cve20147206-symlink(96951)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96951"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2014-7206",
"datePublished": "2014-10-15T14:00:00.000Z",
"dateReserved": "2014-09-27T00:00:00.000Z",
"dateUpdated": "2024-08-06T12:40:19.187Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-6273 (GCVE-0-2014-6273)
Vulnerability from nvd – Published: 2014-09-30 14:00 – Updated: 2024-08-06 12:10
VLAI
Summary
Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted URL.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.ubuntu.com/usn/USN-2353-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.securityfocus.com/bid/70075 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/61710 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.debian.org/security/2014/dsa-3031 | vendor-advisoryx_refsource_DEBIAN |
| http://secunia.com/advisories/61605 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2014-09-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:10:13.271Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2353-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2353-1"
},
{
"name": "70075",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70075"
},
{
"name": "61710",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61710"
},
{
"name": "apt-cve20146273-bo(96151)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96151"
},
{
"name": "DSA-3031",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3031"
},
{
"name": "61605",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61605"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "USN-2353-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2353-1"
},
{
"name": "70075",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70075"
},
{
"name": "61710",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61710"
},
{
"name": "apt-cve20146273-bo(96151)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96151"
},
{
"name": "DSA-3031",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3031"
},
{
"name": "61605",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61605"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2014-6273",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2353-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2353-1"
},
{
"name": "70075",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70075"
},
{
"name": "61710",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61710"
},
{
"name": "apt-cve20146273-bo(96151)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96151"
},
{
"name": "DSA-3031",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3031"
},
{
"name": "61605",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61605"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2014-6273",
"datePublished": "2014-09-30T14:00:00.000Z",
"dateReserved": "2014-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T12:10:13.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0478 (GCVE-0-2014-0478)
Vulnerability from nvd – Published: 2014-06-17 14:00 – Updated: 2024-08-06 09:20
VLAI
Summary
APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/58843 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/59358 | third-party-advisoryx_refsource_SECUNIA |
| http://www.debian.org/security/2014/dsa-2958 | vendor-advisoryx_refsource_DEBIAN |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug… | x_refsource_CONFIRM |
| http://www.ubuntu.com/usn/USN-2246-1 | vendor-advisoryx_refsource_UBUNTU |
Date Public
2014-06-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:20:18.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "58843",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/58843"
},
{
"name": "59358",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59358"
},
{
"name": "DSA-2958",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2958"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749795"
},
{
"name": "USN-2246-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2246-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-21T15:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "58843",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/58843"
},
{
"name": "59358",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59358"
},
{
"name": "DSA-2958",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2958"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749795"
},
{
"name": "USN-2246-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2246-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2014-0478",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "58843",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58843"
},
{
"name": "59358",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59358"
},
{
"name": "DSA-2958",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2958"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749795",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749795"
},
{
"name": "USN-2246-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2246-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2014-0478",
"datePublished": "2014-06-17T14:00:00.000Z",
"dateReserved": "2013-12-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:20:18.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3634 (GCVE-0-2011-3634)
Vulnerability from nvd – Published: 2014-02-28 18:00 – Updated: 2024-08-06 23:37
VLAI
Summary
methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.ubuntu.com/usn/USN-1283-1 | vendor-advisoryx_refsource_UBUNTU |
| https://alioth.debian.org/plugins/scmgit/cgi-bin/… | x_refsource_CONFIRM |
| http://people.canonical.com/~ubuntu-security/cve/… | x_refsource_CONFIRM |
| https://bugs.launchpad.net/ubuntu/+source/apt/+bu… | x_refsource_CONFIRM |
Date Public
2011-11-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:48.626Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-1283-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1283-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://alioth.debian.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=apt/apt.git%3Ba=blob%3Bf=debian/changelog%3Bhb=HEAD"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3634.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/868353"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-11-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-02-28T17:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-1283-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1283-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://alioth.debian.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=apt/apt.git%3Ba=blob%3Bf=debian/changelog%3Bhb=HEAD"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3634.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/868353"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-3634",
"datePublished": "2014-02-28T18:00:00.000Z",
"dateReserved": "2011-09-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:37:48.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1051 (GCVE-0-2013-1051)
Vulnerability from nvd – Published: 2013-03-21 17:00 – Updated: 2024-09-17 02:47
VLAI
Summary
apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://osvdb.org/91428 | vdb-entryx_refsource_OSVDB |
| http://www.ubuntu.com/usn/USN-1762-1 | vendor-advisoryx_refsource_UBUNTU |
| http://secunia.com/advisories/52633 | third-party-advisoryx_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:49:20.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "91428",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/91428"
},
{
"name": "USN-1762-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1762-1"
},
{
"name": "52633",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52633"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-21T17:00:00.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "91428",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/91428"
},
{
"name": "USN-1762-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1762-1"
},
{
"name": "52633",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52633"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2013-1051",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "91428",
"refsource": "OSVDB",
"url": "http://osvdb.org/91428"
},
{
"name": "USN-1762-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1762-1"
},
{
"name": "52633",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52633"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2013-1051",
"datePublished": "2013-03-21T17:00:00.000Z",
"dateReserved": "2013-01-11T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:47:34.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}