All the vulnerabilities related to debian - advanced_package_tool
cve-2012-0961
Vulnerability from cvelistv5
Published
2012-12-26 22:00
Modified
2024-09-16 17:28
Severity ?
EPSS score ?
Summary
Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x before 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x before 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable permissions for /var/log/apt/term.log, which allows local users to obtain sensitive shell information by reading the log file.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/56917 | vdb-entry, x_refsource_BID |
| http://secunia.com/advisories/51568 | third-party-advisory, x_refsource_SECUNIA |
| http://www.ubuntu.com/usn/USN-1662-1 | vendor-advisory, x_refsource_UBUNTU |
| http://osvdb.org/88380 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:45:25.988Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "56917", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/56917" }, { "name": "51568", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/51568" }, { "name": "USN-1662-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1662-1" }, { "name": "88380", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/88380" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x before 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x before 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable permissions for /var/log/apt/term.log, which allows local users to obtain sensitive shell information by reading the log file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-12-26T22:00:00Z", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical" }, "references": [ { "name": "56917", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/56917" }, { "name": "51568", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/51568" }, { "name": "USN-1662-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1662-1" }, { "name": "88380", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/88380" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@ubuntu.com", "ID": "CVE-2012-0961", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x before 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x before 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable permissions for /var/log/apt/term.log, which allows local users to obtain sensitive shell information by reading the log file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "56917", "refsource": "BID", "url": "http://www.securityfocus.com/bid/56917" }, { "name": "51568", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51568" }, { "name": "USN-1662-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1662-1" }, { "name": "88380", "refsource": "OSVDB", "url": "http://osvdb.org/88380" } ] } } } }, "cveMetadata": { "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2012-0961", "datePublished": "2012-12-26T22:00:00Z", "dateReserved": "2012-02-01T00:00:00Z", "dateUpdated": "2024-09-16T17:28:35.582Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-27351
Vulnerability from cvelistv5
Published
2020-12-10 04:05
Modified
2024-09-16 22:15
Severity: LOW, CVSS v3.1 base score 2 per the CNA record (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L)
EPSS score ?
Summary
Various memory and file descriptor leaks were found in apt-python files python/arfile.cc, python/tag.cc, python/tarfile.cc, aka GHSL-2020-170. This issue affects: python-apt 1.1.0~beta1 versions prior to 1.1.0~beta1ubuntu0.16.04.10; 1.6.5ubuntu0 versions prior to 1.6.5ubuntu0.4; 2.0.0ubuntu0 versions prior to 2.0.0ubuntu0.20.04.2; 2.1.3ubuntu1 versions prior to 2.1.3ubuntu1.1;
References
| URL | Tags |
|---|---|
| https://bugs.launchpad.net/bugs/1899193 | x_refsource_MISC |
| https://usn.ubuntu.com/usn/usn-4668-1 | x_refsource_MISC |
| https://www.debian.org/security/2020/dsa-4809 | vendor-advisory, x_refsource_DEBIAN |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Canonical | python-apt | 1.1.0~beta1 < 1.1.0~beta1ubuntu0.16.04.10; 1.6.5ubuntu0 < 1.6.5ubuntu0.4; 2.0.0ubuntu0 < 2.0.0ubuntu0.20.04.2; 2.1.3ubuntu1 < 2.1.3ubuntu1.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:11:36.602Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.launchpad.net/bugs/1899193" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://usn.ubuntu.com/usn/usn-4668-1" }, { "name": "DSA-4809", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4809" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "python-apt", "vendor": "Canonical", "versions": [ { "lessThan": "1.1.0~beta1ubuntu0.16.04.10", "status": "affected", "version": "1.1.0~beta1", "versionType": "custom" }, { "lessThan": "1.6.5ubuntu0.4", "status": "affected", "version": "1.6.5ubuntu0", "versionType": "custom" }, { "lessThan": "2.0.0ubuntu0.20.04.2", "status": "affected", "version": "2.0.0ubuntu0", "versionType": "custom" }, { "lessThan": "2.1.3ubuntu1.1", "status": "affected", "version": "2.1.3ubuntu1", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Kevin Backhouse" } ], "datePublic": "2020-12-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Various memory and file descriptor leaks were found in apt-python files python/arfile.cc, python/tag.cc, python/tarfile.cc, aka GHSL-2020-170. 
This issue affects: python-apt 1.1.0~beta1 versions prior to 1.1.0~beta1ubuntu0.16.04.10; 1.6.5ubuntu0 versions prior to 1.6.5ubuntu0.4; 2.0.0ubuntu0 versions prior to 2.0.0ubuntu0.20.04.2; 2.1.3ubuntu1 versions prior to 2.1.3ubuntu1.1;" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-772", "description": "CWE-772 Missing Release of Resource after Effective Lifetime", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-12-10T11:06:07", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.launchpad.net/bugs/1899193" }, { "tags": [ "x_refsource_MISC" ], "url": "https://usn.ubuntu.com/usn/usn-4668-1" }, { "name": "DSA-4809", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4809" } ], "source": { "advisory": "https://usn.ubuntu.com/usn/usn-4668-1", "defect": [ "https://bugs.launchpad.net/bugs/1899193" ], "discovery": "EXTERNAL" }, "title": "Various memory and file descriptor leaks in apt-python", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@ubuntu.com", "DATE_PUBLIC": "2020-12-09T00:00:00.000Z", "ID": "CVE-2020-27351", "STATE": "PUBLIC", "TITLE": "Various memory and file descriptor leaks in apt-python" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "python-apt", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "1.1.0~beta1", "version_value": "1.1.0~beta1ubuntu0.16.04.10" 
}, { "version_affected": "\u003c", "version_name": "1.6.5ubuntu0", "version_value": "1.6.5ubuntu0.4" }, { "version_affected": "\u003c", "version_name": "2.0.0ubuntu0", "version_value": "2.0.0ubuntu0.20.04.2" }, { "version_affected": "\u003c", "version_name": "2.1.3ubuntu1", "version_value": "2.1.3ubuntu1.1" } ] } } ] }, "vendor_name": "Canonical" } ] } }, "credit": [ { "lang": "eng", "value": "Kevin Backhouse" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Various memory and file descriptor leaks were found in apt-python files python/arfile.cc, python/tag.cc, python/tarfile.cc, aka GHSL-2020-170. This issue affects: python-apt 1.1.0~beta1 versions prior to 1.1.0~beta1ubuntu0.16.04.10; 1.6.5ubuntu0 versions prior to 1.6.5ubuntu0.4; 2.0.0ubuntu0 versions prior to 2.0.0ubuntu0.20.04.2; 2.1.3ubuntu1 versions prior to 2.1.3ubuntu1.1;" } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-772 Missing Release of Resource after Effective Lifetime" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugs.launchpad.net/bugs/1899193", "refsource": "MISC", "url": "https://bugs.launchpad.net/bugs/1899193" }, { "name": "https://usn.ubuntu.com/usn/usn-4668-1", "refsource": "MISC", "url": "https://usn.ubuntu.com/usn/usn-4668-1" }, { "name": "DSA-4809", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4809" } ] }, "source": { "advisory": "https://usn.ubuntu.com/usn/usn-4668-1", "defect": [ 
"https://bugs.launchpad.net/bugs/1899193" ], "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2020-27351", "datePublished": "2020-12-10T04:05:18.897719Z", "dateReserved": "2020-10-20T00:00:00", "dateUpdated": "2024-09-16T22:15:18.197Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-0488
Vulnerability from cvelistv5
Published
2014-11-03 22:00
Modified
2024-08-06 09:20
Severity ?
EPSS score ?
Summary
APT before 1.0.9 does not "invalidate repository data" when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data.
References
| URL | Tags |
|---|---|
| http://secunia.com/advisories/61286 | third-party-advisory, x_refsource_SECUNIA |
| http://secunia.com/advisories/61275 | third-party-advisory, x_refsource_SECUNIA |
| http://ubuntu.com/usn/usn-2348-1 | vendor-advisory, x_refsource_UBUNTU |
| http://www.debian.org/security/2014/dsa-3025 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:20:18.468Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "61286", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61286" }, { "name": "61275", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61275" }, { "name": "USN-2348-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://ubuntu.com/usn/usn-2348-1" }, { "name": "DSA-3025", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-3025" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-09-16T00:00:00", "descriptions": [ { "lang": "en", "value": "APT before 1.0.9 does not \"invalidate repository data\" when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-11-03T21:57:00", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "name": "61286", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61286" }, { "name": "61275", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61275" }, { "name": "USN-2348-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://ubuntu.com/usn/usn-2348-1" }, { "name": "DSA-3025", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-3025" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2014-0488", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "APT before 1.0.9 does not \"invalidate repository data\" when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "61286", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61286" }, { "name": "61275", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61275" }, { "name": "USN-2348-1", "refsource": "UBUNTU", "url": "http://ubuntu.com/usn/usn-2348-1" }, { "name": "DSA-3025", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3025" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2014-0488", "datePublished": "2014-11-03T22:00:00", "dateReserved": "2013-12-19T00:00:00", "dateUpdated": "2024-08-06T09:20:18.468Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-7206
Vulnerability from cvelistv5
Published
2014-10-15 14:00
Modified
2024-08-06 12:40
Severity ?
EPSS score ?
Summary
The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file.
References
| URL | Tags |
|---|---|
| http://secunia.com/advisories/61333 | third-party-advisory, x_refsource_SECUNIA |
| http://www.debian.org/security/2014/dsa-3048 | vendor-advisory, x_refsource_DEBIAN |
| http://secunia.com/advisories/61768 | third-party-advisory, x_refsource_SECUNIA |
| http://secunia.com/advisories/61158 | third-party-advisory, x_refsource_SECUNIA |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763780 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/70310 | vdb-entry, x_refsource_BID |
| http://www.ubuntu.com/usn/USN-2370-1 | vendor-advisory, x_refsource_UBUNTU |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/96951 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T12:40:19.187Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "61333", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61333" }, { "name": "DSA-3048", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-3048" }, { "name": "61768", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61768" }, { "name": "61158", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61158" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763780" }, { "name": "70310", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/70310" }, { "name": "USN-2370-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2370-1" }, { "name": "apt-cve20147206-symlink(96951)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96951" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-10-08T00:00:00", "descriptions": [ { "lang": "en", "value": "The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-07T15:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "name": "61333", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61333" }, { "name": "DSA-3048", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-3048" }, { "name": "61768", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61768" }, { "name": "61158", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61158" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763780" }, { "name": "70310", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/70310" }, { "name": "USN-2370-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2370-1" }, { "name": "apt-cve20147206-symlink(96951)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96951" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2014-7206", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "61333", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61333" }, { "name": "DSA-3048", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3048" }, { "name": "61768", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61768" }, { "name": "61158", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61158" }, { "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763780", "refsource": "CONFIRM", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763780" }, { "name": "70310", "refsource": "BID", "url": "http://www.securityfocus.com/bid/70310" }, { "name": "USN-2370-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2370-1" }, { "name": "apt-cve20147206-symlink(96951)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96951" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2014-7206", "datePublished": "2014-10-15T14:00:00", "dateReserved": "2014-09-27T00:00:00", "dateUpdated": "2024-08-06T12:40:19.187Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-1829
Vulnerability from cvelistv5
Published
2011-07-27 01:29
Modified
2024-08-06 22:37
Severity ?
EPSS score ?
Summary
APT before 0.8.15.2 does not properly validate inline GPG signatures, which allows man-in-the-middle attackers to install modified packages via vectors involving lack of an initial clearsigned message.
References
| URL | Tags |
|---|---|
| http://packages.debian.org/changelogs/pool/main/a/apt/current/changelog | x_refsource_CONFIRM |
| http://www.ubuntu.com/usn/USN-1169-1 | vendor-advisory, x_refsource_UBUNTU |
| https://launchpad.net/ubuntu/+archive/primary/+sourcepub/1817196/+listing-archive-extra | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/48671 | vdb-entry, x_refsource_BID |
| https://launchpad.net/bugs/784473 | x_refsource_CONFIRM |
| http://launchpadlibrarian.net/75126628/apt_0.8.13.2ubuntu2_0.8.13.2ubuntu4.1.diff.gz | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/68560 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:37:25.813Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://packages.debian.org/changelogs/pool/main/a/apt/current/changelog" }, { "name": "USN-1169-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1169-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://launchpad.net/ubuntu/+archive/primary/+sourcepub/1817196/+listing-archive-extra" }, { "name": "48671", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/48671" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://launchpad.net/bugs/784473" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://launchpadlibrarian.net/75126628/apt_0.8.13.2ubuntu2_0.8.13.2ubuntu4.1.diff.gz" }, { "name": "apt-gpg-security-bypass(68560)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68560" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-07-13T00:00:00", "descriptions": [ { "lang": "en", "value": "APT before 0.8.15.2 does not properly validate inline GPG signatures, which allows man-in-the-middle attackers to install modified packages via vectors involving lack of an initial clearsigned message." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://packages.debian.org/changelogs/pool/main/a/apt/current/changelog" }, { "name": "USN-1169-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1169-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://launchpad.net/ubuntu/+archive/primary/+sourcepub/1817196/+listing-archive-extra" }, { "name": "48671", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/48671" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://launchpad.net/bugs/784473" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://launchpadlibrarian.net/75126628/apt_0.8.13.2ubuntu2_0.8.13.2ubuntu4.1.diff.gz" }, { "name": "apt-gpg-security-bypass(68560)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68560" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@ubuntu.com", "ID": "CVE-2011-1829", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "APT before 0.8.15.2 does not properly validate inline GPG signatures, which allows man-in-the-middle attackers to install modified packages via vectors involving lack of an initial clearsigned message." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://packages.debian.org/changelogs/pool/main/a/apt/current/changelog", "refsource": "CONFIRM", "url": "http://packages.debian.org/changelogs/pool/main/a/apt/current/changelog" }, { "name": "USN-1169-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1169-1" }, { "name": "https://launchpad.net/ubuntu/+archive/primary/+sourcepub/1817196/+listing-archive-extra", "refsource": "CONFIRM", "url": "https://launchpad.net/ubuntu/+archive/primary/+sourcepub/1817196/+listing-archive-extra" }, { "name": "48671", "refsource": "BID", "url": "http://www.securityfocus.com/bid/48671" }, { "name": "https://launchpad.net/bugs/784473", "refsource": "CONFIRM", "url": "https://launchpad.net/bugs/784473" }, { "name": "http://launchpadlibrarian.net/75126628/apt_0.8.13.2ubuntu2_0.8.13.2ubuntu4.1.diff.gz", "refsource": "CONFIRM", "url": "http://launchpadlibrarian.net/75126628/apt_0.8.13.2ubuntu2_0.8.13.2ubuntu4.1.diff.gz" }, { "name": "apt-gpg-security-bypass(68560)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68560" } ] } } } }, "cveMetadata": { "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2011-1829", "datePublished": "2011-07-27T01:29:00", "dateReserved": "2011-04-27T00:00:00", "dateUpdated": "2024-08-06T22:37:25.813Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-27350
Vulnerability from cvelistv5
Published
2020-12-10 04:05
Modified
2024-09-17 04:29
Severity: MEDIUM, CVSS v3.1 base score 5.7 per the CNA record (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L)
EPSS score ?
Summary
APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions prior to 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions prior to 2.1.10ubuntu0.1;
References
| URL | Tags |
|---|---|
| https://usn.ubuntu.com/usn/usn-4667-1 | x_refsource_MISC |
| https://bugs.launchpad.net/bugs/1899193 | x_refsource_MISC |
| https://www.debian.org/security/2020/dsa-4808 | vendor-advisory, x_refsource_DEBIAN |
| https://security.netapp.com/advisory/ntap-20210108-0005/ | x_refsource_CONFIRM |
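Impacted products
| Vendor | Product | Version |
|---|---|---|
| Canonical | apt | 1.2.32ubuntu0 < 1.2.32ubuntu0.2; 1.6.12ubuntu0 < 1.6.12ubuntu0.2; 2.0.2ubuntu0 < 2.0.2ubuntu0.2; 2.1.10ubuntu0 < 2.1.10ubuntu0.1 |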
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:11:36.654Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://usn.ubuntu.com/usn/usn-4667-1" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.launchpad.net/bugs/1899193" }, { "name": "DSA-4808", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4808" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210108-0005/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "apt", "vendor": "Canonical", "versions": [ { "lessThan": "1.2.32ubuntu0.2", "status": "affected", "version": "1.2.32ubuntu0", "versionType": "custom" }, { "lessThan": "1.6.12ubuntu0.2", "status": "affected", "version": "1.6.12ubuntu0", "versionType": "custom" }, { "lessThan": "2.0.2ubuntu0.2", "status": "affected", "version": "2.0.2ubuntu0", "versionType": "custom" }, { "lessThan": "2.1.10ubuntu0.1", "status": "affected", "version": "2.1.10ubuntu0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Kevin Backhouse" } ], "datePublic": "2020-12-09T00:00:00", "descriptions": [ { "lang": "en", "value": "APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. 
This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions prior to 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions prior to 2.1.10ubuntu0.1;" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-08T11:06:12", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://usn.ubuntu.com/usn/usn-4667-1" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.launchpad.net/bugs/1899193" }, { "name": "DSA-4808", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4808" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210108-0005/" } ], "source": { "advisory": "https://usn.ubuntu.com/usn/usn-4667-1", "defect": [ "https://bugs.launchpad.net/bugs/1899193" ], "discovery": "EXTERNAL" }, "title": "apt integer wraparound", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@ubuntu.com", "DATE_PUBLIC": "2020-12-09T00:00:00.000Z", "ID": "CVE-2020-27350", "STATE": "PUBLIC", "TITLE": "apt integer wraparound" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "apt", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "1.2.32ubuntu0", "version_value": "1.2.32ubuntu0.2" }, { 
"version_affected": "\u003c", "version_name": "1.6.12ubuntu0", "version_value": "1.6.12ubuntu0.2" }, { "version_affected": "\u003c", "version_name": "2.0.2ubuntu0", "version_value": "2.0.2ubuntu0.2" }, { "version_affected": "\u003c", "version_name": "2.1.10ubuntu0", "version_value": "2.1.10ubuntu0.1" } ] } } ] }, "vendor_name": "Canonical" } ] } }, "credit": [ { "lang": "eng", "value": "Kevin Backhouse" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions prior to 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions prior to 2.1.10ubuntu0.1;" } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-190 Integer Overflow or Wraparound" } ] } ] }, "references": { "reference_data": [ { "name": "https://usn.ubuntu.com/usn/usn-4667-1", "refsource": "MISC", "url": "https://usn.ubuntu.com/usn/usn-4667-1" }, { "name": "https://bugs.launchpad.net/bugs/1899193", "refsource": "MISC", "url": "https://bugs.launchpad.net/bugs/1899193" }, { "name": "DSA-4808", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4808" }, { "name": "https://security.netapp.com/advisory/ntap-20210108-0005/", "refsource": 
"CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210108-0005/" } ] }, "source": { "advisory": "https://usn.ubuntu.com/usn/usn-4667-1", "defect": [ "https://bugs.launchpad.net/bugs/1899193" ], "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2020-27350", "datePublished": "2020-12-10T04:05:18.456615Z", "dateReserved": "2020-10-20T00:00:00", "dateUpdated": "2024-09-17T04:29:18.208Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-1051
Vulnerability from cvelistv5
Published
2013-03-21 17:00
Modified
2024-09-17 02:47
Severity ?
EPSS score ?
Summary
apt 0.8.16, 0.9.7, and possibly other versions do not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories.
References
▼ | URL | Tags |
---|---|---|
http://osvdb.org/91428 | vdb-entry, x_refsource_OSVDB | |
http://www.ubuntu.com/usn/USN-1762-1 | vendor-advisory, x_refsource_UBUNTU | |
http://secunia.com/advisories/52633 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:49:20.460Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "91428", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/91428" }, { "name": "USN-1762-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1762-1" }, { "name": "52633", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/52633" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-03-21T17:00:00Z", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical" }, "references": [ { "name": "91428", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/91428" }, { "name": "USN-1762-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1762-1" }, { "name": "52633", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/52633" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@ubuntu.com", "ID": "CVE-2013-1051", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "91428", "refsource": "OSVDB", "url": "http://osvdb.org/91428" }, { "name": "USN-1762-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1762-1" }, { "name": "52633", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/52633" } ] } } } }, "cveMetadata": { "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2013-1051", "datePublished": "2013-03-21T17:00:00Z", "dateReserved": "2013-01-11T00:00:00Z", "dateUpdated": "2024-09-17T02:47:34.049Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-3587
Vulnerability from cvelistv5
Published
2012-06-19 20:00
Modified
2024-09-16 22:30
Severity ?
EPSS score ?
Summary
APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack.
References
▼ | URL | Tags |
---|---|---|
http://seclists.org/fulldisclosure/2012/Jun/267 | mailing-list, x_refsource_FULLDISC | |
http://www.ubuntu.com/usn/USN-1477-1 | vendor-advisory, x_refsource_UBUNTU | |
http://www.ubuntu.com/usn/USN-1475-1 | vendor-advisory, x_refsource_UBUNTU | |
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013128 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:13:50.755Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20120612 Strange gpg key shadowing", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2012/Jun/267" }, { "name": "USN-1477-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1477-1" }, { "name": "USN-1475-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1475-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013128" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-06-19T20:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20120612 Strange gpg key shadowing", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2012/Jun/267" }, { "name": "USN-1477-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1477-1" }, { "name": "USN-1475-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1475-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013128" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-3587", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20120612 Strange gpg key shadowing", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2012/Jun/267" }, { "name": "USN-1477-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1477-1" }, { "name": "USN-1475-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1475-1" }, { "name": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013128", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013128" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-3587", "datePublished": "2012-06-19T20:00:00Z", "dateReserved": "2012-06-19T00:00:00Z", "dateUpdated": "2024-09-16T22:30:53.425Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-0478
Vulnerability from cvelistv5
Published
2014-06-17 14:00
Modified
2024-08-06 09:20
Severity ?
EPSS score ?
Summary
APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature.
References
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/58843 | third-party-advisory, x_refsource_SECUNIA | |
http://secunia.com/advisories/59358 | third-party-advisory, x_refsource_SECUNIA | |
http://www.debian.org/security/2014/dsa-2958 | vendor-advisory, x_refsource_DEBIAN | |
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749795 | x_refsource_CONFIRM | |
http://www.ubuntu.com/usn/USN-2246-1 | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:20:18.387Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "58843", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/58843" }, { "name": "59358", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59358" }, { "name": "DSA-2958", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-2958" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749795" }, { "name": "USN-2246-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2246-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-06-12T00:00:00", "descriptions": [ { "lang": "en", "value": "APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-21T15:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "name": "58843", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/58843" }, { "name": "59358", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59358" }, { "name": "DSA-2958", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2958" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749795" }, { "name": "USN-2246-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2246-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2014-0478", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "58843", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/58843" }, { "name": "59358", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59358" }, { "name": "DSA-2958", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2958" }, { "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749795", "refsource": "CONFIRM", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749795" }, { "name": "USN-2246-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2246-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2014-0478", "datePublished": "2014-06-17T14:00:00", "dateReserved": "2013-12-19T00:00:00", "dateUpdated": "2024-08-06T09:20:18.387Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-3462
Vulnerability from cvelistv5
Published
2019-01-28 21:00
Modified
2024-09-16 16:32
Severity ?
EPSS score ?
Summary
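Incorrect sanitization of the 302 redirect field in the HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine. The record's affected-product entry names apt as used in Debian Stretch and Ubuntu, so the "1.4.8 and earlier" bound should not be read as covering every release line; take the fixed version for a given release from the linked DSA-4371 and USN-3863 advisories.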
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/106690 | vdb-entry, x_refsource_BID | |
https://usn.ubuntu.com/3863-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://usn.ubuntu.com/3863-2/ | vendor-advisory, x_refsource_UBUNTU | |
https://lists.debian.org/debian-lts-announce/2019/01/msg00013.html | mailing-list, x_refsource_MLIST | |
https://www.debian.org/security/2019/dsa-4371 | vendor-advisory, x_refsource_DEBIAN | |
https://lists.debian.org/debian-lts-announce/2019/01/msg00014.html | mailing-list, x_refsource_MLIST | |
https://security.netapp.com/advisory/ntap-20190125-0002/ | x_refsource_CONFIRM | |
https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E | mailing-list, x_refsource_MLIST |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Debian GNU/Linux | apt as used in Debian Stretch and Ubuntu |
Version: 1.4.8 and earlier |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:12:09.590Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "106690", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106690" }, { "name": "USN-3863-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3863-1/" }, { "name": "USN-3863-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3863-2/" }, { "name": "[debian-lts-announce] 20190122 [SECURITY] [DLA 1637-1] apt security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00013.html" }, { "name": "DSA-4371", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4371" }, { "name": "[debian-lts-announce] 20190122 [SECURITY] [DLA 1637-1] apt security update (amended)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00014.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190125-0002/" }, { "name": "[infra-devnull] 20190404 [GitHub] [incubator-openwhisk-runtime-ballerina] falkzoll commented on issue #15: Update to new base image jdk8u202-b08_openj9-0.12.1.", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "apt as used in Debian Stretch and Ubuntu", "vendor": "Debian GNU/Linux", "versions": [ { "status": "affected", "version": "1.4.8 and earlier" } ] } ], "datePublic": "2019-01-22T00:00:00", "descriptions": [ { 
"lang": "en", "value": "Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution in apt", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-04-04T16:06:05", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "name": "106690", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106690" }, { "name": "USN-3863-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3863-1/" }, { "name": "USN-3863-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3863-2/" }, { "name": "[debian-lts-announce] 20190122 [SECURITY] [DLA 1637-1] apt security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00013.html" }, { "name": "DSA-4371", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2019/dsa-4371" }, { "name": "[debian-lts-announce] 20190122 [SECURITY] [DLA 1637-1] apt security update (amended)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00014.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190125-0002/" }, { "name": "[infra-devnull] 20190404 [GitHub] [incubator-openwhisk-runtime-ballerina] falkzoll commented on issue #15: Update to new base image jdk8u202-b08_openj9-0.12.1.", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": 
"security@debian.org", "DATE_PUBLIC": "2019-01-22T00:00:00", "ID": "CVE-2019-3462", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "apt as used in Debian Stretch and Ubuntu", "version": { "version_data": [ { "version_value": "1.4.8 and earlier" } ] } } ] }, "vendor_name": "Debian GNU/Linux" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution in apt" } ] } ] }, "references": { "reference_data": [ { "name": "106690", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106690" }, { "name": "USN-3863-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3863-1/" }, { "name": "USN-3863-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3863-2/" }, { "name": "[debian-lts-announce] 20190122 [SECURITY] [DLA 1637-1] apt security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00013.html" }, { "name": "DSA-4371", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4371" }, { "name": "[debian-lts-announce] 20190122 [SECURITY] [DLA 1637-1] apt security update (amended)", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00014.html" }, { "name": "https://security.netapp.com/advisory/ntap-20190125-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190125-0002/" }, { "name": "[infra-devnull] 20190404 [GitHub] [incubator-openwhisk-runtime-ballerina] falkzoll commented on issue #15: Update to new base image jdk8u202-b08_openj9-0.12.1.", 
"refsource": "MLIST", "url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3Cdevnull.infra.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2019-3462", "datePublished": "2019-01-28T21:00:00Z", "dateReserved": "2018-12-31T00:00:00", "dateUpdated": "2024-09-16T16:32:28.586Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-0489
Vulnerability from cvelistv5
Published
2014-11-03 22:00
Modified
2024-08-06 09:20
Severity ?
EPSS score ?
Summary
APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package.
References
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/61286 | third-party-advisory, x_refsource_SECUNIA | |
http://secunia.com/advisories/61275 | third-party-advisory, x_refsource_SECUNIA | |
http://ubuntu.com/usn/usn-2348-1 | vendor-advisory, x_refsource_UBUNTU | |
http://www.debian.org/security/2014/dsa-3025 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:20:18.508Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "61286", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61286" }, { "name": "61275", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61275" }, { "name": "USN-2348-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://ubuntu.com/usn/usn-2348-1" }, { "name": "DSA-3025", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-3025" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-09-16T00:00:00", "descriptions": [ { "lang": "en", "value": "APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-11-03T21:57:00", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "name": "61286", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61286" }, { "name": "61275", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61275" }, { "name": "USN-2348-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://ubuntu.com/usn/usn-2348-1" }, { "name": "DSA-3025", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-3025" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2014-0489", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "61286", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61286" }, { "name": "61275", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61275" }, { "name": "USN-2348-1", "refsource": "UBUNTU", "url": "http://ubuntu.com/usn/usn-2348-1" }, { "name": "DSA-3025", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3025" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2014-0489", "datePublished": "2014-11-03T22:00:00", "dateReserved": "2013-12-19T00:00:00", "dateUpdated": "2024-08-06T09:20:18.508Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-1300
Vulnerability from cvelistv5
Published
2009-04-16 15:00
Modified
2024-08-07 05:04
Severity ?
EPSS score ?
Summary
apt 0.7.20 does not check when the date command returns an "invalid date" error, which can prevent apt from loading security updates in time zones for which DST occurs at midnight.
References
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/34874 | third-party-advisory, x_refsource_SECUNIA | |
https://bugs.launchpad.net/ubuntu/+source/coreutils/+bug/354793 | x_refsource_CONFIRM | |
http://www.debian.org/security/2009/dsa-1779 | vendor-advisory, x_refsource_DEBIAN | |
http://secunia.com/advisories/34829 | third-party-advisory, x_refsource_SECUNIA | |
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=523213 | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2009/04/08/11 | mailing-list, x_refsource_MLIST | |
http://secunia.com/advisories/34832 | third-party-advisory, x_refsource_SECUNIA | |
https://usn.ubuntu.com/762-1/ | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:04:49.423Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "34874", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34874" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.launchpad.net/ubuntu/+source/coreutils/+bug/354793" }, { "name": "DSA-1779", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2009/dsa-1779" }, { "name": "34829", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34829" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=523213" }, { "name": "[oss-security] 20090408 CVE request: apt", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/04/08/11" }, { "name": "34832", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34832" }, { "name": "USN-762-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/762-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-04-08T00:00:00", "descriptions": [ { "lang": "en", "value": "apt 0.7.20 does not check when the date command returns an \"invalid date\" error, which can prevent apt from loading security updates in time zones for which DST occurs at midnight." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-03T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "34874", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34874" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.launchpad.net/ubuntu/+source/coreutils/+bug/354793" }, { "name": "DSA-1779", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2009/dsa-1779" }, { "name": "34829", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34829" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=523213" }, { "name": "[oss-security] 20090408 CVE request: apt", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/04/08/11" }, { "name": "34832", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34832" }, { "name": "USN-762-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/762-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1300", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "apt 0.7.20 does not check when the date command returns an \"invalid date\" error, which can prevent apt from loading security updates in time zones for which DST occurs at midnight." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "34874", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34874" }, { "name": "https://bugs.launchpad.net/ubuntu/+source/coreutils/+bug/354793", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/ubuntu/+source/coreutils/+bug/354793" }, { "name": "DSA-1779", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1779" }, { "name": "34829", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34829" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=523213", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=523213" }, { "name": "[oss-security] 20090408 CVE request: apt", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2009/04/08/11" }, { "name": "34832", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34832" }, { "name": "USN-762-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/762-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1300", "datePublished": "2009-04-16T15:00:00", "dateReserved": "2009-04-16T00:00:00", "dateUpdated": "2024-08-07T05:04:49.423Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-1358
Vulnerability from cvelistv5
Published
2009-04-21 23:00
Modified
2024-08-07 05:13
Severity ?
EPSS score ?
Summary
apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories.
References
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/34874 | third-party-advisory, x_refsource_SECUNIA | |
http://www.debian.org/security/2009/dsa-1779 | vendor-advisory, x_refsource_DEBIAN | |
http://secunia.com/advisories/34829 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/34630 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/34832 | third-party-advisory, x_refsource_SECUNIA | |
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/356012 | x_refsource_CONFIRM | |
https://usn.ubuntu.com/762-1/ | vendor-advisory, x_refsource_UBUNTU | |
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=433091 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/50086 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:13:25.407Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "34874", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34874" }, { "name": "DSA-1779", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2009/dsa-1779" }, { "name": "34829", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34829" }, { "name": "34630", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/34630" }, { "name": "34832", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34832" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/356012" }, { "name": "USN-762-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/762-1/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=433091" }, { "name": "apt-aptget-gpgv-security-bypass(50086)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50086" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-04-17T00:00:00", "descriptions": [ { "lang": "en", "value": "apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-03T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "34874", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34874" }, { "name": "DSA-1779", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2009/dsa-1779" }, { "name": "34829", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34829" }, { "name": "34630", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/34630" }, { "name": "34832", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34832" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/356012" }, { "name": "USN-762-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/762-1/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=433091" }, { "name": "apt-aptget-gpgv-security-bypass(50086)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50086" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1358", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that 
has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "34874", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34874" }, { "name": "DSA-1779", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1779" }, { "name": "34829", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34829" }, { "name": "34630", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34630" }, { "name": "34832", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34832" }, { "name": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/356012", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/356012" }, { "name": "USN-762-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/762-1/" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=433091", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=433091" }, { "name": "apt-aptget-gpgv-security-bypass(50086)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50086" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1358", "datePublished": "2009-04-21T23:00:00", "dateReserved": "2009-04-21T00:00:00", "dateUpdated": "2024-08-07T05:13:25.407Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-3374
Vulnerability from cvelistv5
Published
2019-11-25 23:13
Modified
2024-08-06 23:29
Summary
It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.
References
▼ | URL | Tags |
---|---|---|
https://security-tracker.debian.org/tracker/CVE-2011-3374 | x_refsource_MISC | |
https://access.redhat.com/security/cve/cve-2011-3374 | x_refsource_MISC | |
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480 | x_refsource_MISC | |
https://snyk.io/vuln/SNYK-LINUX-APT-116518 | x_refsource_MISC | |
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html | x_refsource_MISC | |
https://seclists.org/fulldisclosure/2011/Sep/221 | x_refsource_MISC | |
https://ubuntu.com/security/CVE-2011-3374 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:29:56.887Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2011-3374" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://access.redhat.com/security/cve/cve-2011-3374" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://snyk.io/vuln/SNYK-LINUX-APT-116518" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://seclists.org/fulldisclosure/2011/Sep/221" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ubuntu.com/security/CVE-2011-3374" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "apt", "vendor": "apt", "versions": [ { "status": "affected", "version": "All versions" } ] } ], "descriptions": [ { "lang": "en", "value": "It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Other", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-02-04T12:30:35", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security-tracker.debian.org/tracker/CVE-2011-3374" }, { "tags": [ "x_refsource_MISC" ], "url": "https://access.redhat.com/security/cve/cve-2011-3374" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480" }, { "tags": [ "x_refsource_MISC" ], "url": "https://snyk.io/vuln/SNYK-LINUX-APT-116518" }, { "tags": [ "x_refsource_MISC" ], "url": "https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://seclists.org/fulldisclosure/2011/Sep/221" }, { "tags": [ "x_refsource_MISC" ], "url": "https://ubuntu.com/security/CVE-2011-3374" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-3374", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "apt", "version": { "version_data": [ { "version_value": "All versions" } ] } } ] }, "vendor_name": "apt" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Other" } ] } ] }, "references": { "reference_data": [ { "name": "https://security-tracker.debian.org/tracker/CVE-2011-3374", "refsource": "MISC", "url": "https://security-tracker.debian.org/tracker/CVE-2011-3374" }, { "name": "https://access.redhat.com/security/cve/cve-2011-3374", "refsource": "MISC", "url": "https://access.redhat.com/security/cve/cve-2011-3374" }, { "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480", "refsource": "MISC", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480" }, { "name": "https://snyk.io/vuln/SNYK-LINUX-APT-116518", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-LINUX-APT-116518" }, { "name": "https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html", "refsource": "MISC", "url": "https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html" }, { "name": "https://seclists.org/fulldisclosure/2011/Sep/221", "refsource": "MISC", "url": "https://seclists.org/fulldisclosure/2011/Sep/221" }, { "name": "https://ubuntu.com/security/CVE-2011-3374", "refsource": "MISC", "url": "https://ubuntu.com/security/CVE-2011-3374" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-3374", "datePublished": "2019-11-25T23:13:02", "dateReserved": "2011-08-30T00:00:00", "dateUpdated": "2024-08-06T23:29:56.887Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-0490
Vulnerability from cvelistv5
Published
2014-11-03 22:00
Modified
2024-08-06 09:20
Summary
The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package.
References
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/61286 | third-party-advisory, x_refsource_SECUNIA | |
http://secunia.com/advisories/61275 | third-party-advisory, x_refsource_SECUNIA | |
http://ubuntu.com/usn/usn-2348-1 | vendor-advisory, x_refsource_UBUNTU | |
http://www.debian.org/security/2014/dsa-3025 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:20:18.503Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "61286", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61286" }, { "name": "61275", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61275" }, { "name": "USN-2348-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://ubuntu.com/usn/usn-2348-1" }, { "name": "DSA-3025", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-3025" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-09-16T00:00:00", "descriptions": [ { "lang": "en", "value": "The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-11-03T21:57:00", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "name": "61286", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61286" }, { "name": "61275", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61275" }, { "name": "USN-2348-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://ubuntu.com/usn/usn-2348-1" }, { "name": "DSA-3025", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-3025" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2014-0490", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "61286", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61286" }, { "name": "61275", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61275" }, { "name": "USN-2348-1", "refsource": "UBUNTU", "url": "http://ubuntu.com/usn/usn-2348-1" }, { "name": "DSA-3025", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3025" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2014-0490", "datePublished": "2014-11-03T22:00:00", "dateReserved": "2013-12-19T00:00:00", "dateUpdated": "2024-08-06T09:20:18.503Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-1252
Vulnerability from cvelistv5
Published
2017-12-05 16:00
Modified
2024-08-05 22:48
Summary
The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection mechanism by leveraging improper error handling when validating InRelease file signatures.
References
▼ | URL | Tags |
---|---|---|
https://www.debian.org/security/2016/dsa-3733 | vendor-advisory, x_refsource_DEBIAN | |
http://www.ubuntu.com/usn/USN-3156-1 | vendor-advisory, x_refsource_UBUNTU | |
http://packetstormsecurity.com/files/140145/apt-Repository-Signing-Bypass.html | x_refsource_MISC | |
https://www.exploit-db.com/exploits/40916/ | exploit, x_refsource_EXPLOIT-DB | |
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1647467 | x_refsource_CONFIRM | |
https://bugs.chromium.org/p/project-zero/issues/detail?id=1020 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:48:13.650Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-3733", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2016/dsa-3733" }, { "name": "USN-3156-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-3156-1" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/140145/apt-Repository-Signing-Bypass.html" }, { "name": "40916", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/40916/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1647467" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1020" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-12-13T00:00:00", "descriptions": [ { "lang": "en", "value": "The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection mechanism by leveraging improper error handling when validating InRelease file signatures." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-05T15:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "name": "DSA-3733", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2016/dsa-3733" }, { "name": "USN-3156-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-3156-1" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/140145/apt-Repository-Signing-Bypass.html" }, { "name": "40916", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/40916/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1647467" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1020" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2016-1252", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection mechanism by leveraging improper error handling when validating InRelease file signatures." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-3733", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2016/dsa-3733" }, { "name": "USN-3156-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3156-1" }, { "name": "http://packetstormsecurity.com/files/140145/apt-Repository-Signing-Bypass.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/140145/apt-Repository-Signing-Bypass.html" }, { "name": "40916", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/40916/" }, { "name": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1647467", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1647467" }, { "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1020", "refsource": "MISC", "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1020" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2016-1252", "datePublished": "2017-12-05T16:00:00", "dateReserved": "2015-12-27T00:00:00", "dateUpdated": "2024-08-05T22:48:13.650Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-0487
Vulnerability from cvelistv5
Published
2014-11-03 22:00
Modified
2024-08-06 09:20
Summary
APT before 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since header, which has unspecified impact and attack vectors.
References
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/61286 | third-party-advisory, x_refsource_SECUNIA | |
http://secunia.com/advisories/61275 | third-party-advisory, x_refsource_SECUNIA | |
http://ubuntu.com/usn/usn-2348-1 | vendor-advisory, x_refsource_UBUNTU | |
http://www.debian.org/security/2014/dsa-3025 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:20:18.574Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "61286", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61286" }, { "name": "61275", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61275" }, { "name": "USN-2348-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://ubuntu.com/usn/usn-2348-1" }, { "name": "DSA-3025", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-3025" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-09-16T00:00:00", "descriptions": [ { "lang": "en", "value": "APT before 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since header, which has unspecified impact and attack vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-11-03T21:57:00", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "name": "61286", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61286" }, { "name": "61275", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61275" }, { "name": "USN-2348-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://ubuntu.com/usn/usn-2348-1" }, { "name": "DSA-3025", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-3025" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2014-0487", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "APT before 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since header, which has unspecified impact and attack vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "61286", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61286" }, { "name": "61275", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61275" }, { "name": "USN-2348-1", "refsource": "UBUNTU", "url": "http://ubuntu.com/usn/usn-2348-1" }, { "name": "DSA-3025", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3025" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2014-0487", "datePublished": "2014-11-03T22:00:00", "dateReserved": "2013-12-19T00:00:00", "dateUpdated": "2024-08-06T09:20:18.574Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-3634
Vulnerability from cvelistv5
Published
2014-02-28 18:00
Modified
2024-08-06 23:37
Severity ?
EPSS score ?
Summary
methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors.
References
▼ | URL | Tags |
---|---|---|
http://www.ubuntu.com/usn/USN-1283-1 | vendor-advisory, x_refsource_UBUNTU | |
https://alioth.debian.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=apt/apt.git%3Ba=blob%3Bf=debian/changelog%3Bhb=HEAD | x_refsource_CONFIRM | |
http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3634.html | x_refsource_CONFIRM | |
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/868353 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:37:48.626Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-1283-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1283-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://alioth.debian.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=apt/apt.git%3Ba=blob%3Bf=debian/changelog%3Bhb=HEAD" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3634.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/868353" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-11-28T00:00:00", "descriptions": [ { "lang": "en", "value": "methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-02-28T17:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "USN-1283-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1283-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://alioth.debian.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=apt/apt.git%3Ba=blob%3Bf=debian/changelog%3Bhb=HEAD" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3634.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/868353" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-3634", "datePublished": "2014-02-28T18:00:00", "dateReserved": "2011-09-21T00:00:00", "dateUpdated": "2024-08-06T23:37:48.626Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-6273
Vulnerability from cvelistv5
Published
2014-09-30 14:00
Modified
2024-08-06 12:10
Summary
Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted URL.
References
▼ | URL | Tags |
---|---|---|
http://www.ubuntu.com/usn/USN-2353-1 | vendor-advisory, x_refsource_UBUNTU | |
http://www.securityfocus.com/bid/70075 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/61710 | third-party-advisory, x_refsource_SECUNIA | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/96151 | vdb-entry, x_refsource_XF | |
http://www.debian.org/security/2014/dsa-3031 | vendor-advisory, x_refsource_DEBIAN | |
http://secunia.com/advisories/61605 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T12:10:13.271Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-2353-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2353-1" }, { "name": "70075", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/70075" }, { "name": "61710", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61710" }, { "name": "apt-cve20146273-bo(96151)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96151" }, { "name": "DSA-3031", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-3031" }, { "name": "61605", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61605" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-09-23T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted URL." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-07T15:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "name": "USN-2353-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2353-1" }, { "name": "70075", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/70075" }, { "name": "61710", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61710" }, { "name": "apt-cve20146273-bo(96151)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96151" }, { "name": "DSA-3031", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-3031" }, { "name": "61605", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61605" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2014-6273", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted URL." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-2353-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2353-1" }, { "name": "70075", "refsource": "BID", "url": "http://www.securityfocus.com/bid/70075" }, { "name": "61710", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61710" }, { "name": "apt-cve20146273-bo(96151)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96151" }, { "name": "DSA-3031", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3031" }, { "name": "61605", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61605" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2014-6273", "datePublished": "2014-09-30T14:00:00", "dateReserved": "2014-09-09T00:00:00", "dateUpdated": "2024-08-06T12:10:13.271Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-0954
Vulnerability from cvelistv5
Published
2012-06-19 20:00
Modified
2024-09-16 20:13
Severity ?
EPSS score ?
Summary
APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587.
References
▼ | URL | Tags |
---|---|---|
http://seclists.org/fulldisclosure/2012/Jun/271 | mailing-list, x_refsource_FULLDISC | |
http://www.securityfocus.com/bid/54046 | vdb-entry, x_refsource_BID | |
http://seclists.org/fulldisclosure/2012/Jun/267 | mailing-list, x_refsource_FULLDISC | |
http://www.ubuntu.com/usn/USN-1477-1 | vendor-advisory, x_refsource_UBUNTU | |
http://www.ubuntu.com/usn/USN-1475-1 | vendor-advisory, x_refsource_UBUNTU | |
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013128 | x_refsource_CONFIRM | |
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013639 | x_refsource_CONFIRM | |
http://seclists.org/fulldisclosure/2012/Jun/289 | mailing-list, x_refsource_FULLDISC | |
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013681 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:45:26.017Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20120614 Using second gpg keyring may be misleading?", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2012/Jun/271" }, { "name": "54046", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/54046" }, { "name": "20120612 Strange gpg key shadowing", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2012/Jun/267" }, { "name": "USN-1477-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1477-1" }, { "name": "USN-1475-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1475-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013128" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013639" }, { "name": "20120615 ubuntu apt-key (part 3)", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2012/Jun/289" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013681" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-06-19T20:00:00Z", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical" }, "references": [ { "name": "20120614 Using second gpg keyring may be misleading?", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2012/Jun/271" }, { "name": "54046", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/54046" }, { "name": "20120612 Strange gpg key shadowing", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2012/Jun/267" }, { "name": "USN-1477-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1477-1" }, { "name": "USN-1475-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1475-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013128" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013639" }, { "name": "20120615 ubuntu apt-key (part 3)", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2012/Jun/289" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013681" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@ubuntu.com", "ID": "CVE-2012-0954", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "APT 0.7.x before 
0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20120614 Using second gpg keyring may be misleading?", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2012/Jun/271" }, { "name": "54046", "refsource": "BID", "url": "http://www.securityfocus.com/bid/54046" }, { "name": "20120612 Strange gpg key shadowing", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2012/Jun/267" }, { "name": "USN-1477-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1477-1" }, { "name": "USN-1475-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1475-1" }, { "name": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013128", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013128" }, { "name": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013639", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013639" }, { "name": "20120615 ubuntu apt-key (part 3)", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2012/Jun/289" }, { "name": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013681", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013681" } ] } } } }, "cveMetadata": { "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2012-0954", "datePublished": "2012-06-19T20:00:00Z", "dateReserved": "2012-02-01T00:00:00Z", "dateUpdated": "2024-09-16T20:13:26.664Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", 
"dataVersion": "5.1" }
cve-2018-0501
Vulnerability from cvelistv5
Published
2018-08-21 00:00
Modified
2024-08-05 03:28
Severity ?
EPSS score ?
Summary
The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail.
References
▼ | URL | Tags |
---|---|---|
https://mirror.fail | x_refsource_MISC | |
https://usn.ubuntu.com/3746-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://salsa.debian.org/apt-team/apt/commit/aebd4278bacc728ab00ebe31556983e140f60e47 | x_refsource_MISC | |
https://salsa.debian.org/apt-team/apt/commit/29658a3a74af49e2a24e17bdebb20e1612aac3ec | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
n/a | APT 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 | APT 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:28:10.583Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://mirror.fail" }, { "name": "USN-3746-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3746-1/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://salsa.debian.org/apt-team/apt/commit/aebd4278bacc728ab00ebe31556983e140f60e47" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://salsa.debian.org/apt-team/apt/commit/29658a3a74af49e2a24e17bdebb20e1612aac3ec" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "APT 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3", "vendor": "n/a", "versions": [ { "status": "affected", "version": "APT 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3" } ] } ], "datePublic": "2018-08-20T00:00:00", "descriptions": [ { "lang": "en", "value": "The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail." 
} ], "problemTypes": [ { "descriptions": [ { "description": "lack of signature verification", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-08-21T09:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://mirror.fail" }, { "name": "USN-3746-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3746-1/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://salsa.debian.org/apt-team/apt/commit/aebd4278bacc728ab00ebe31556983e140f60e47" }, { "tags": [ "x_refsource_MISC" ], "url": "https://salsa.debian.org/apt-team/apt/commit/29658a3a74af49e2a24e17bdebb20e1612aac3ec" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2018-0501", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "APT 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3", "version": { "version_data": [ { "version_value": "APT 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "lack of signature verification" } ] } ] }, "references": { "reference_data": [ { "name": "https://mirror.fail", "refsource": "MISC", "url": "https://mirror.fail" }, { "name": "USN-3746-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3746-1/" }, { "name": "https://salsa.debian.org/apt-team/apt/commit/aebd4278bacc728ab00ebe31556983e140f60e47", "refsource": "MISC", "url": "https://salsa.debian.org/apt-team/apt/commit/aebd4278bacc728ab00ebe31556983e140f60e47" }, { "name": "https://salsa.debian.org/apt-team/apt/commit/29658a3a74af49e2a24e17bdebb20e1612aac3ec", "refsource": "MISC", "url": "https://salsa.debian.org/apt-team/apt/commit/29658a3a74af49e2a24e17bdebb20e1612aac3ec" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2018-0501", "datePublished": "2018-08-21T00:00:00", "dateReserved": "2017-11-27T00:00:00", "dateUpdated": "2024-08-05T03:28:10.583Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd (CVE-2014-7206)
Published
2014-10-15 14:55
Modified
2024-11-21 02:16
Severity ?
Summary
The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*", "matchCriteriaId": "EDAC8B26-1346-4622-8BFB-2AF7A1BEDD8E", "versionEndIncluding": "1.0.9.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "E70C7BF1-F191-40F2-8247-916F1AB07FB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.9.7.9:ubunto3:*:*:*:*:*:*", "matchCriteriaId": "06A404D3-1A48-4AAE-A2C7-399F84D35C05", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.9.7.9:ubunto4:*:*:*:*:*:*", "matchCriteriaId": "4BC51119-7345-4065-8BB6-74F641E4E152", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.9.7.9:ubunto5:*:*:*:*:*:*", "matchCriteriaId": "43493B4D-F0AE-4B7A-8729-2DFC5FF30F00", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "0041B2D4-89F7-4A48-9026-779E7DDC0763", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file." }, { "lang": "es", "value": "El comando \u0027changelog\u0027 en Apt anterior a 1.0.9.2 permite a usuarios locales escribir ficheros arbitrarios a trav\u00e9s de un ataque de enlaces simb\u00f3licos en el fichero \u0027changelog\u0027." 
} ], "id": "CVE-2014-7206", "lastModified": "2024-11-21T02:16:32.430", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-10-15T14:55:09.073", "references": [ { "source": "security@debian.org", "url": "http://secunia.com/advisories/61158" }, { "source": "security@debian.org", "url": "http://secunia.com/advisories/61333" }, { "source": "security@debian.org", "url": "http://secunia.com/advisories/61768" }, { "source": "security@debian.org", "tags": [ "Vendor Advisory" ], "url": "http://www.debian.org/security/2014/dsa-3048" }, { "source": "security@debian.org", "url": "http://www.securityfocus.com/bid/70310" }, { "source": "security@debian.org", "tags": [ "Vendor Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2370-1" }, { "source": "security@debian.org", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763780" }, { "source": "security@debian.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96951" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61158" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61333" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61768" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.debian.org/security/2014/dsa-3048" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securityfocus.com/bid/70310" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2370-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763780" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96951" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-59" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2014-0488)
Published
2014-11-03 22:55
Modified
2024-11-21 02:02
Severity ?
Summary
APT before 1.0.9 does not "invalidate repository data" when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
debian | advanced_package_tool | 1.0.3 | |
debian | advanced_package_tool | 1.0.7 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:debian:advanced_package_tool:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "3B3D0444-F401-4A5A-9825-8CEECF37CFE7", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "1AE05C16-DD11-4B09-A617-0C23D4A47D1E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "APT before 1.0.9 does not \"invalidate repository data\" when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data." }, { "lang": "es", "value": "APT anterior a 1.0.9 no \u0027invalida los datos del repositorio\u0027 cuando se traslada de un estado no autenticado a uno autenticado, lo que permite a atacantes remotos tener un impacto no especificado a trav\u00e9s de datos del repositorio manipulados." } ], "id": "CVE-2014-0488", "lastModified": "2024-11-21T02:02:14.400", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-11-03T22:55:07.350", "references": [ { "source": "security@debian.org", "url": "http://secunia.com/advisories/61275" }, { "source": "security@debian.org", "url": "http://secunia.com/advisories/61286" }, { "source": "security@debian.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://ubuntu.com/usn/usn-2348-1" }, { "source": "security@debian.org", "tags": 
[ "Vendor Advisory" ], "url": "http://www.debian.org/security/2014/dsa-3025" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61275" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61286" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://ubuntu.com/usn/usn-2348-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.debian.org/security/2014/dsa-3025" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2014-0489)
Published
2014-11-03 22:55
Modified
2024-11-21 02:02
Severity ?
Summary
APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
debian | advanced_package_tool | 1.0.3 | |
debian | advanced_package_tool | 1.0.5 | |
debian | advanced_package_tool | 1.0.7 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:debian:advanced_package_tool:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "3B3D0444-F401-4A5A-9825-8CEECF37CFE7", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "F6D2D0DC-5985-4C92-85FE-DE73082F89DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "1AE05C16-DD11-4B09-A617-0C23D4A47D1E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package." }, { "lang": "es", "value": "APT anterior a 1.0.9, cunado la opci\u00f3n Acquire::GzipIndexes est\u00e1 habilitada, no valida checksums, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un paquete manipulado." 
} ], "id": "CVE-2014-0489", "lastModified": "2024-11-21T02:02:14.513", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-11-03T22:55:07.397", "references": [ { "source": "security@debian.org", "url": "http://secunia.com/advisories/61275" }, { "source": "security@debian.org", "url": "http://secunia.com/advisories/61286" }, { "source": "security@debian.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://ubuntu.com/usn/usn-2348-1" }, { "source": "security@debian.org", "tags": [ "Vendor Advisory" ], "url": "http://www.debian.org/security/2014/dsa-3025" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61275" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61286" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://ubuntu.com/usn/usn-2348-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.debian.org/security/2014/dsa-3025" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2012-0961)
Published
2012-12-26 22:55
Modified
2024-11-21 01:36
Severity ?
Summary
Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x before 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x before 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable permissions for /var/log/apt/term.log, which allows local users to obtain sensitive shell information by reading the log file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
debian | advanced_package_tool | 0.8.16 | |
debian | apt | 0.9.7 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.16:*:*:*:*:*:*:*", "matchCriteriaId": "36B518E8-B14B-4DC2-9437-3E69108BA40A", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "FC20104F-BDF2-4C4F-A99E-014CE23187FE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x before 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x before 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable permissions for /var/log/apt/term.log, which allows local users to obtain sensitive shell information by reading the log file." }, { "lang": "es", "value": "Apt v0.8.16~exp5ubuntu13.x antes de v0.8.16~exp5ubuntu13.6, v0.8.16~exp12ubuntu10.x antes de v0.8.16v0.8.16~exp12ubuntu10.7 y v0.9.7.5ubuntu5.x antes de v0.9.7.5ubuntu5.2, tal y como se usa en Ubuntu, usa permisos de lectura para todo el mundo en /var/log/apt/term.log lo que permite a usuarios locales obtener informaci\u00f3n sensible de la shell leyendo el archivo de registro.\r\n" } ], "id": "CVE-2012-0961", "lastModified": "2024-11-21T01:36:03.237", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-12-26T22:55:02.847", "references": [ { "source": "security@ubuntu.com", "url": "http://osvdb.org/88380" }, { "source": "security@ubuntu.com", "tags": 
[ "Vendor Advisory" ], "url": "http://secunia.com/advisories/51568" }, { "source": "security@ubuntu.com", "url": "http://www.securityfocus.com/bid/56917" }, { "source": "security@ubuntu.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1662-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/88380" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/51568" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/56917" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1662-1" } ], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2020-27351)
Published
2020-12-10 04:15
Modified
2024-11-21 05:21
Severity ?
2.0 (Low) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L
2.8 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
2.8 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
Summary
Various memory and file descriptor leaks were found in apt-python files python/arfile.cc, python/tag.cc, python/tarfile.cc, aka GHSL-2020-170. This issue affects: python-apt 1.1.0~beta1 versions prior to 1.1.0~beta1ubuntu0.16.04.10; 1.6.5ubuntu0 versions prior to 1.6.5ubuntu0.4; 2.0.0ubuntu0 versions prior to 2.0.0ubuntu0.20.04.2; 2.1.3ubuntu1 versions prior to 2.1.3ubuntu1.1;
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
debian | advanced_package_tool | * | |
canonical | ubuntu_linux | 16.04 | |
debian | advanced_package_tool | * | |
canonical | ubuntu_linux | 18.04 | |
debian | advanced_package_tool | * | |
canonical | ubuntu_linux | 20.04 | |
debian | advanced_package_tool | * | |
canonical | ubuntu_linux | 20.10 | |
debian | advanced_package_tool | * | |
debian | debian_linux | 10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*", "matchCriteriaId": "5F1CD972-BF6E-437D-BD7A-9C6E1649E05E", "versionEndExcluding": "1.1.0\\~beta1ubuntu0.16.04.10", "versionStartIncluding": "1.1.0\\~beta1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*", "matchCriteriaId": "46110C63-28BC-4CAC-9D26-D5CEE0042A54", "versionEndExcluding": "1.6.5ubuntu0.4", "versionStartIncluding": "1.6.5ubuntu0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*", "matchCriteriaId": "0EE283A5-3974-4B01-9BAC-940B32714D9F", "versionEndExcluding": "2.0.0ubuntu0.20.04.2", "versionStartIncluding": "2.0.0ubuntu0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*", "matchCriteriaId": "496C03D7-3211-47CE-996F-AE031900B54C", "versionEndExcluding": "2.1.30ubuntu1.1", "versionStartIncluding": "2.1.3ubuntu1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": 
"cpe:2.3:o:canonical:ubuntu_linux:20.10:*:*:*:*:*:*:*", "matchCriteriaId": "338B3AAC-C147-4A31-95E7-6E8A6FB4B3FC", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*", "matchCriteriaId": "9A03A663-BC84-47BE-90DA-09753C3F44FE", "versionEndExcluding": "1.8.4.2", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Various memory and file descriptor leaks were found in apt-python files python/arfile.cc, python/tag.cc, python/tarfile.cc, aka GHSL-2020-170. This issue affects: python-apt 1.1.0~beta1 versions prior to 1.1.0~beta1ubuntu0.16.04.10; 1.6.5ubuntu0 versions prior to 1.6.5ubuntu0.4; 2.0.0ubuntu0 versions prior to 2.0.0ubuntu0.20.04.2; 2.1.3ubuntu1 versions prior to 2.1.3ubuntu1.1;" }, { "lang": "es", "value": "Se encontraron varios filtrados de memoria y descriptores de archivos en los archivos python/arfile.cc, python/tag.cc, python/tarfile.cc, tambi\u00e9n se conoce como GHSL-2020-170.\u0026#xa0;Este problema afecta a: python-apt versiones 1.1.0~beta1 anteriores a 1.1.0~beta1ubuntu0.16.04.10; versiones 1.6.5ubuntu0 anteriores a 1.6.5ubuntu0.4; versiones 2.0.0ubuntu0 anteriores a 2.0.0ubuntu0.20.04.2; versiones 2.1.3ubuntu1 anteriores a 2.1.3ubuntu1.1;" } ], "id": "CVE-2020-27351", "lastModified": "2024-11-21T05:21:03.007", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": 
"AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2.0, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 0.6, "impactScore": 1.4, "source": "security@ubuntu.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2.8, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 1.3, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-12-10T04:15:11.547", "references": [ { "source": "security@ubuntu.com", "tags": [ "Broken Link" ], "url": "https://bugs.launchpad.net/bugs/1899193" }, { "source": "security@ubuntu.com", "tags": [ "Vendor Advisory" ], "url": "https://usn.ubuntu.com/usn/usn-4668-1" }, { "source": "security@ubuntu.com", "tags": [ "Vendor Advisory" ], "url": "https://www.debian.org/security/2020/dsa-4809" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://bugs.launchpad.net/bugs/1899193" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://usn.ubuntu.com/usn/usn-4668-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"https://www.debian.org/security/2020/dsa-4809" } ], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-772" } ], "source": "security@ubuntu.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-772" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-12-05 16:29
Modified
2024-11-21 02:46
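Severity: MEDIUM (CVSS v3.1 base score 5.9, vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N; CVSS v2 base score 4.3)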
Summary
The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection mechanism by leveraging improper error handling when validating InRelease file signatures.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
debian | advanced_package_tool | * | |
debian | debian_linux | 8.0 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 16.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*", "matchCriteriaId": "8ACF9D91-F607-4A94-936D-F840D44486FC", "versionEndExcluding": "1.0.9.8.4", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:*", "matchCriteriaId": "1AFB20FA-CB00-4729-AB3A-816454C6D096", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection mechanism by leveraging improper error handling when validating InRelease file signatures." 
}, { "lang": "es", "value": "El paquete apt, en Debian jessie en versiones anteriores a la 1.0.9.8.4; Debian inestable en versiones anteriores a la 1.4~beta2; Ubuntu 14.04 LTS en versiones anteriores a la 1.0.1ubuntu2.17; Ubuntu 16.04 LTS en versiones anteriores a la 1.2.15ubuntu0.2 y en Ubuntu 16.10 en versiones anteriores a la 1.3.2ubuntu0.1, permite que atacantes Man-in-the-Middle (MitM) eludan un mecanismo de protecci\u00f3n de firma de repositorios aprovechando la manipulaci\u00f3n indebida de errores al validar las firmas de archivos InRelease." } ], "id": "CVE-2016-1252", "lastModified": "2024-11-21T02:46:02.413", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-12-05T16:29:00.203", "references": [ { "source": "security@debian.org", "tags": [ "Issue Tracking", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/140145/apt-Repository-Signing-Bypass.html" }, { "source": "security@debian.org", "tags": [ "Third Party 
Advisory" ], "url": "http://www.ubuntu.com/usn/USN-3156-1" }, { "source": "security@debian.org", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1020" }, { "source": "security@debian.org", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1647467" }, { "source": "security@debian.org", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://www.debian.org/security/2016/dsa-3733" }, { "source": "security@debian.org", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/40916/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/140145/apt-Repository-Signing-Bypass.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-3156-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1020" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1647467" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://www.debian.org/security/2016/dsa-3733" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/40916/" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-295" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-01-28 21:29
Modified
2024-11-21 04:42
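Severity: HIGH (CVSS v3.1 base score 8.1, vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H; CVSS v2 base score 9.3)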
Summary
Incorrect sanitization of the 302 redirect field in the HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
debian | advanced_package_tool | * | |
debian | advanced_package_tool | * | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 18.10 | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
netapp | active_iq | - | |
netapp | element_software | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D2FC6D4-6A3E-448B-84F7-027BDAC1FEAF", "versionEndExcluding": "1.2.30", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*", "matchCriteriaId": "80E371D4-8F2B-41C2-A7CE-E5F93C72B8D6", "versionEndIncluding": "1.4.8", "versionStartIncluding": "1.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq:-:*:*:*:*:*:*:*", "matchCriteriaId": "EF29713A-2852-4E3D-9666-4001C7E8B667", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", 
"vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine." }, { "lang": "es", "value": "El saneamiento incorrecto de un campo de redirecci\u00f3n 302 en el m\u00e9todo HTTP \"transport\" en apt, en versiones 1.4.8 y anteriores, puede conducir a la inyecci\u00f3n de contenido por parte de un atacante MITM, lo que puede conducir a la ejecuci\u00f3n remota de c\u00f3digo en el equipo objetivo." } ], "id": "CVE-2019-3462", "lastModified": "2024-11-21T04:42:05.670", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-01-28T21:29:00.300", "references": [ { "source": "security@debian.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": 
"http://www.securityfocus.com/bid/106690" }, { "source": "security@debian.org", "url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E" }, { "source": "security@debian.org", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00013.html" }, { "source": "security@debian.org", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00014.html" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190125-0002/" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3863-1/" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3863-2/" }, { "source": "security@debian.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4371" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/106690" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00013.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00014.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190125-0002/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": 
"https://usn.ubuntu.com/3863-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3863-2/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4371" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-11-03 22:55
Modified
2024-11-21 02:02
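Severity: HIGH (CVSS v2 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P; the record carries no CVSS v3 score and flags acInsufInfo as true)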
Summary
APT before 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since header, which has unspecified impact and attack vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
debian | advanced_package_tool | 1.0.3 | |
debian | advanced_package_tool | 1.0.7 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:debian:advanced_package_tool:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "3B3D0444-F401-4A5A-9825-8CEECF37CFE7", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "1AE05C16-DD11-4B09-A617-0C23D4A47D1E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "APT before 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since header, which has unspecified impact and attack vectors." }, { "lang": "es", "value": "APT anterior a 1.0.9 no verifica ficheros descargados si han sido modificados como indica utilizando la cabecera If-Modified-Since, lo que tiene un impacto y vectores de ataque no especificados." } ], "id": "CVE-2014-0487", "lastModified": "2024-11-21T02:02:14.290", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-11-03T22:55:07.303", "references": [ { "source": "security@debian.org", "url": "http://secunia.com/advisories/61275" }, { "source": "security@debian.org", "url": "http://secunia.com/advisories/61286" }, { "source": "security@debian.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://ubuntu.com/usn/usn-2348-1" }, { "source": "security@debian.org", "tags": [ "Vendor Advisory" ], "url": "http://www.debian.org/security/2014/dsa-3025" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61275" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61286" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://ubuntu.com/usn/usn-2348-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.debian.org/security/2014/dsa-3025" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-06-19 20:55
Modified
2024-11-21 01:36
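Severity: LOW (CVSS v2 base score 2.6, vector AV:N/AC:H/Au:N/C:N/I:P/A:N; the record carries no CVSS v3 score)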
Summary
APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "2372DE68-69A3-44B6-A42E-1C8EA272FAC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "1F846A10-711A-42A1-A71A-FB11D4B511F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3E070DA8-E764-4C1B-BCDB-F15597ABE7AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.2-0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DCEE6BF2-3B33-41F7-84C4-626D1559FB24", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "1BDAAE90-9BD4-4160-89D3-162561CB30BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "CBC7B0DD-F983-41DC-BB78-52FB53C044DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.12:*:*:*:*:*:*:*", "matchCriteriaId": "B832BF3E-A081-4708-8D54-C5BC827965E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.13:*:*:*:*:*:*:*", "matchCriteriaId": "31586872-C049-4125-B82A-FEA8B06FDF7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.14:*:*:*:*:*:*:*", "matchCriteriaId": "2F377D69-4C1D-4D1A-96D9-B7724756CA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.15:*:*:*:*:*:*:*", "matchCriteriaId": "71851F90-85E4-4250-B9FB-320A33B04B58", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.15:exp1:*:*:*:*:*:*", "matchCriteriaId": "C6356166-F4D5-4B50-94AE-7A25803FFF38", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.15:exp2:*:*:*:*:*:*", "matchCriteriaId": "0D7D88AF-16B4-4C3F-AF7D-8773CB08BA01", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:debian:advanced_package_tool:0.7.15:exp3:*:*:*:*:*:*", "matchCriteriaId": "5F293909-BFDB-49A2-AF03-6ADACE195204", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.16:*:*:*:*:*:*:*", "matchCriteriaId": "E138D3A7-F289-4491-A24D-4DF2F179EAAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.17:*:*:*:*:*:*:*", "matchCriteriaId": "19ED89FC-F907-4126-B969-625887306487", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.17:exp1:*:*:*:*:*:*", "matchCriteriaId": "0F467E33-20AC-401C-AF1F-8F4BC0CB0C37", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.17:exp2:*:*:*:*:*:*", "matchCriteriaId": "595406A6-DFD2-4E26-82C8-745E0AC0D6B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.17:exp3:*:*:*:*:*:*", "matchCriteriaId": "4ED3DB0F-E9BF-4E23-8057-AACA17475C66", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.17:exp4:*:*:*:*:*:*", "matchCriteriaId": "39A7A479-6225-43EA-B010-46EF4BC77E10", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "9EC4CC2E-7E68-4360-8360-B0463D9B6B79", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.19:*:*:*:*:*:*:*", "matchCriteriaId": "BF988A0E-A630-40DD-9387-2C1610D2F932", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.20:*:*:*:*:*:*:*", "matchCriteriaId": "63E05BE6-9BDF-441E-873E-A4D965B3494F", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.20.1:*:*:*:*:*:*:*", "matchCriteriaId": "EBE7EC9A-2E4D-4A60-AC88-F390F5B3432A", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.20.2:*:*:*:*:*:*:*", "matchCriteriaId": "A2257DAB-0A44-4841-9EF9-CBBF9BB68F40", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.21:*:*:*:*:*:*:*", "matchCriteriaId": 
"47EDE750-C502-4B25-829D-D0C0F2653C19", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.22:*:*:*:*:*:*:*", "matchCriteriaId": "189E20DE-EEFB-488A-B741-4BC80CF553B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.22.1:*:*:*:*:*:*:*", "matchCriteriaId": "96D80D63-6971-4CC7-A9A8-D9D05767F60A", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.22.2:*:*:*:*:*:*:*", "matchCriteriaId": "1186DDDE-FCF4-45B8-A7EA-2DAE8DA3F010", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.23:*:*:*:*:*:*:*", "matchCriteriaId": "58F88656-5BF9-4D51-9C37-26E9685484F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.23.1:*:*:*:*:*:*:*", "matchCriteriaId": "9AB74135-2BB7-42F7-99CB-AFF0B811B66A", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.24:*:*:*:*:*:*:*", "matchCriteriaId": "1B025168-8319-45C2-82BC-97EBD5EE563E", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "58F0D8BF-F9D3-40D0-AD71-9978F2A1FD29", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.0:pre1:*:*:*:*:*:*", "matchCriteriaId": "E82F9BF7-D4DD-4CF5-BE57-4772B7DDD5D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.0:pre2:*:*:*:*:*:*", "matchCriteriaId": "7F4BC141-EEEB-4D0B-A3D4-24929855B685", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "6CA54D7A-9296-4530-8215-6EB708DDE2B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "04F345BE-745C-418D-BF0F-B7A5F1E3A5B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "46799DD7-E46E-4EB2-AF13-852407384A5C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:debian:advanced_package_tool:0.8.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "C417AF8F-D12C-4759-B99D-C60E139B9946", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "225275E2-3E9E-48FE-A2FF-9FE37A67E550", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.11:*:*:*:*:*:*:*", "matchCriteriaId": "3EA2183D-7D9E-4841-A1C9-B843AF3A03F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "7EAB3B8A-BDFA-4EDD-9A6D-F3CDE4977EDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "7A629D58-017D-4F27-B286-42094C727822", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "9817661D-CACE-4D81-9432-2CDE5A51F4DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "A1A65066-5A1A-4091-9219-6060A662653D", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "FAFCA592-F57F-4C12-A1F7-496BDFB2A4A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.12:*:*:*:*:*:*:*", "matchCriteriaId": "9793E4BB-5969-45DB-B9F6-29CB9C98D559", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.13:*:*:*:*:*:*:*", "matchCriteriaId": "7427F24E-D3CB-498E-8695-9FC40546CFA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "70A8FE33-63BC-4145-A6CA-90A61CB81AC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.13.2:*:*:*:*:*:*:*", "matchCriteriaId": "08C018A3-012C-4790-9D09-36661549A6E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.14:*:*:*:*:*:*:*", "matchCriteriaId": 
"406C6D95-53B7-4950-83C5-4C27E755F24A", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "F0E56161-E80F-4EC4-9D1C-0FBCA672EEFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.15:*:*:*:*:*:*:*", "matchCriteriaId": "64C1D283-9326-4A6E-9529-BA8D26A36CE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.15:exp1:*:*:*:*:*:*", "matchCriteriaId": "1784FE65-DAE2-4E97-96A3-9A1835040245", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.15:exp2:*:*:*:*:*:*", "matchCriteriaId": "6368BAB5-D44D-42B3-B5F7-E343E1101CDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.15:exp3:*:*:*:*:*:*", "matchCriteriaId": "F2D3D5D9-97D1-44C6-B3BE-C9CFC1451FD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.15.1:*:*:*:*:*:*:*", "matchCriteriaId": "3F5C252C-76F7-492F-AFFB-3BE2A63EE22E", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.15.6:*:*:*:*:*:*:*", "matchCriteriaId": "233F5902-0AF1-4417-8C97-34C9B64C09AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.15.7:*:*:*:*:*:*:*", "matchCriteriaId": "5D613D7E-4456-4F47-9F13-F5D746F8715B", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.15.8:*:*:*:*:*:*:*", "matchCriteriaId": "6DBD6821-E6C3-4F76-89C9-19478D8EB13A", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.15.9:*:*:*:*:*:*:*", "matchCriteriaId": "2E7D4F82-45B9-4FC9-85C5-3F5E3966A243", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.15.10:*:*:*:*:*:*:*", "matchCriteriaId": "475F9461-71F5-4E01-9399-E0413390A423", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key 
net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587." }, { "lang": "es", "value": "APT v0.7.x antes de v0.7.25 y v0.8.x antes de v0.8.16, cuando se utiliza el apt-key net-update para importar archivos de claves, se basa en el orden de los argumentos GnuPG y no verifica subclaves GPG, lo que podr\u00eda permitir a atacantes remotos instalar paquetes alterados a trav\u00e9s de un ataque man-in-the-middle (MITM). NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta para CVE-2012-3587." } ], "id": "CVE-2012-0954", "lastModified": "2024-11-21T01:36:02.403", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-06-19T20:55:05.380", "references": [ { "source": "security@ubuntu.com", "url": "http://seclists.org/fulldisclosure/2012/Jun/267" }, { "source": "security@ubuntu.com", "url": "http://seclists.org/fulldisclosure/2012/Jun/271" }, { "source": "security@ubuntu.com", "url": "http://seclists.org/fulldisclosure/2012/Jun/289" }, { "source": "security@ubuntu.com", "url": "http://www.securityfocus.com/bid/54046" }, { "source": "security@ubuntu.com", "url": "http://www.ubuntu.com/usn/USN-1475-1" }, { "source": "security@ubuntu.com", "url": "http://www.ubuntu.com/usn/USN-1477-1" }, { "source": 
"security@ubuntu.com", "url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013128" }, { "source": "security@ubuntu.com", "url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013639" }, { "source": "security@ubuntu.com", "url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013681" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2012/Jun/267" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2012/Jun/271" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2012/Jun/289" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/54046" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1475-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1477-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013128" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013639" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013681" } ], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-04-16 15:12
Modified
2024-11-21 01:02
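Severity
HIGH — CVSS v2 base score 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C), NVD primary assessment with acInsufInfo set to true; the record below carries no CVSS v3 metric.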
Summary
apt 0.7.20 does not check when the date command returns an "invalid date" error, which can prevent apt from loading security updates in time zones for which DST occurs at midnight.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
debian | advanced_package_tool | 0.7.20 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.20:*:*:*:*:*:*:*", "matchCriteriaId": "63E05BE6-9BDF-441E-873E-A4D965B3494F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "apt 0.7.20 does not check when the date command returns an \"invalid date\" error, which can prevent apt from loading security updates in time zones for which DST occurs at midnight." }, { "lang": "es", "value": "apt 0.7.20 no comprueba si el comando \"date\" devuelve un error de \"invalid date\" (fecha no v\u00e1lida) que puede prevenir a apt de la carga de actualizaciones de seguridad en zonas horarias para las cuales DST se produce a medianoche." } ], "id": "CVE-2009-1300", "lastModified": "2024-11-21T01:02:08.257", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-04-16T15:12:57.453", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=523213" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/34829" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/34832" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/34874" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2009/dsa-1779" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2009/04/08/11" }, { 
"source": "cve@mitre.org", "url": "https://bugs.launchpad.net/ubuntu/+source/coreutils/+bug/354793" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/762-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=523213" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34829" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34832" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34874" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2009/dsa-1779" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2009/04/08/11" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.launchpad.net/ubuntu/+source/coreutils/+bug/354793" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/762-1/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-11-03 22:55
Modified
2024-11-21 02:02
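Severity
HIGH — CVSS v2 base score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P), NVD primary assessment; the record below carries no CVSS v3 metric.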
Summary
The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
debian | advanced_package_tool | * | |
debian | advanced_package_tool | 1.0.3 | |
debian | advanced_package_tool | 1.0.4 | |
debian | advanced_package_tool | 1.0.5 | |
debian | advanced_package_tool | 1.0.6 | |
debian | advanced_package_tool | 1.0.7 | |
linux | linux_kernel | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*", "matchCriteriaId": "2D494E62-30B6-4C8B-B738-4C7387BEEDDC", "versionEndIncluding": "1.0.8", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "3B3D0444-F401-4A5A-9825-8CEECF37CFE7", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "A07B36A9-6A7C-44EC-A2EC-0ADF6382FE98", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "F6D2D0DC-5985-4C92-85FE-DE73082F89DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "556CF838-1C75-44A9-B484-31FABC3AA6F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "1AE05C16-DD11-4B09-A617-0C23D4A47D1E", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package." }, { "lang": "es", "value": "El comando de descarga apt-get en APT anterior a 1.0.9 no valida debidamente las firmas para paquetes, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un paquete manipulado." 
} ], "id": "CVE-2014-0490", "lastModified": "2024-11-21T02:02:14.630", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-11-03T22:55:07.447", "references": [ { "source": "security@debian.org", "url": "http://secunia.com/advisories/61275" }, { "source": "security@debian.org", "url": "http://secunia.com/advisories/61286" }, { "source": "security@debian.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://ubuntu.com/usn/usn-2348-1" }, { "source": "security@debian.org", "tags": [ "Vendor Advisory" ], "url": "http://www.debian.org/security/2014/dsa-3025" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61275" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61286" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://ubuntu.com/usn/usn-2348-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.debian.org/security/2014/dsa-3025" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-09-30 14:55
Modified
2024-11-21 02:14
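Severity
MEDIUM — CVSS v2 base score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P), NVD primary assessment with userInteractionRequired set to true; the record below carries no CVSS v3 metric.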
Summary
Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted URL.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
debian | advanced_package_tool | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C857128-D713-4C27-9570-D3C0B6AFA79F", "versionEndIncluding": "1.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted URL." }, { "lang": "es", "value": "Desbordamiento de buffer en el c\u00f3digo de transporte HTTP en apt-get en APT 1.0.1 y anteriores permite a atacantes man-in-the-middle causar una denegaci\u00f3n de servicio (ca\u00edda) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una URL manipulada." } ], "id": "CVE-2014-6273", "lastModified": "2024-11-21T02:14:04.503", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-09-30T14:55:11.517", "references": [ { "source": "security@debian.org", "url": "http://secunia.com/advisories/61605" }, { "source": "security@debian.org", "url": "http://secunia.com/advisories/61710" }, { "source": "security@debian.org", "tags": [ "Vendor Advisory" ], "url": "http://www.debian.org/security/2014/dsa-3031" }, { "source": "security@debian.org", "url": "http://www.securityfocus.com/bid/70075" }, { "source": "security@debian.org", "tags": [ "Patch", "Vendor 
Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2353-1" }, { "source": "security@debian.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96151" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61605" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61710" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.debian.org/security/2014/dsa-3031" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/70075" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2353-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96151" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-06-17 14:55
Modified
2024-11-21 02:02
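Severity
MEDIUM — CVSS v2 base score 4.0 (AV:N/AC:H/Au:N/C:N/I:P/A:P), NVD primary assessment; the record below carries no CVSS v3 metric.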
Summary
APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
debian | advanced_package_tool | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*", "matchCriteriaId": "922AE2B6-81C1-4B86-A678-B2157A1CBC10", "versionEndIncluding": "1.0.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature." }, { "lang": "es", "value": "APT anterior a 1.0.4 no valida debidamente paquetes de fuentes, lo que permite a atacantes man-in-the-middle descargar e instalar paquetes de caballos de troya mediante la eliminaci\u00f3n de la firma Release." } ], "id": "CVE-2014-0478", "lastModified": "2024-11-21T02:02:13.160", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-06-17T14:55:06.047", "references": [ { "source": "security@debian.org", "url": "http://secunia.com/advisories/58843" }, { "source": "security@debian.org", "url": "http://secunia.com/advisories/59358" }, { "source": "security@debian.org", "url": "http://www.debian.org/security/2014/dsa-2958" }, { "source": "security@debian.org", "url": "http://www.ubuntu.com/usn/USN-2246-1" }, { "source": "security@debian.org", "tags": [ "Exploit" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749795" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://secunia.com/advisories/58843" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59358" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-2958" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2246-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749795" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-04-21 23:30
Modified
2024-11-21 01:02
Severity ?
Summary
apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5915EA2-9710-4CCC-A16A-EABD1D34A9C3", "versionEndIncluding": "0.7.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "2372DE68-69A3-44B6-A42E-1C8EA272FAC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "1F846A10-711A-42A1-A71A-FB11D4B511F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3E070DA8-E764-4C1B-BCDB-F15597ABE7AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.2-0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DCEE6BF2-3B33-41F7-84C4-626D1559FB24", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "1BDAAE90-9BD4-4160-89D3-162561CB30BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "CBC7B0DD-F983-41DC-BB78-52FB53C044DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.12:*:*:*:*:*:*:*", "matchCriteriaId": "B832BF3E-A081-4708-8D54-C5BC827965E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.13:*:*:*:*:*:*:*", "matchCriteriaId": "31586872-C049-4125-B82A-FEA8B06FDF7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.14:*:*:*:*:*:*:*", "matchCriteriaId": "2F377D69-4C1D-4D1A-96D9-B7724756CA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.15:*:*:*:*:*:*:*", "matchCriteriaId": "71851F90-85E4-4250-B9FB-320A33B04B58", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.15:exp1:*:*:*:*:*:*", "matchCriteriaId": "C6356166-F4D5-4B50-94AE-7A25803FFF38", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:debian:advanced_package_tool:0.7.15:exp2:*:*:*:*:*:*", "matchCriteriaId": "0D7D88AF-16B4-4C3F-AF7D-8773CB08BA01", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.15:exp3:*:*:*:*:*:*", "matchCriteriaId": "5F293909-BFDB-49A2-AF03-6ADACE195204", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.16:*:*:*:*:*:*:*", "matchCriteriaId": "E138D3A7-F289-4491-A24D-4DF2F179EAAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.17:*:*:*:*:*:*:*", "matchCriteriaId": "19ED89FC-F907-4126-B969-625887306487", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.17:exp1:*:*:*:*:*:*", "matchCriteriaId": "0F467E33-20AC-401C-AF1F-8F4BC0CB0C37", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.17:exp2:*:*:*:*:*:*", "matchCriteriaId": "595406A6-DFD2-4E26-82C8-745E0AC0D6B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.17:exp3:*:*:*:*:*:*", "matchCriteriaId": "4ED3DB0F-E9BF-4E23-8057-AACA17475C66", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.17:exp4:*:*:*:*:*:*", "matchCriteriaId": "39A7A479-6225-43EA-B010-46EF4BC77E10", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "9EC4CC2E-7E68-4360-8360-B0463D9B6B79", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.19:*:*:*:*:*:*:*", "matchCriteriaId": "BF988A0E-A630-40DD-9387-2C1610D2F932", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.20.1:*:*:*:*:*:*:*", "matchCriteriaId": "EBE7EC9A-2E4D-4A60-AC88-F390F5B3432A", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.20.2:*:*:*:*:*:*:*", "matchCriteriaId": "A2257DAB-0A44-4841-9EF9-CBBF9BB68F40", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.21:*:*:*:*:*:*:*", "matchCriteriaId": 
"47EDE750-C502-4B25-829D-D0C0F2653C19", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E67027C4-0C37-4715-9EE6-BBE71C8A4CD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "63D7BB47-916D-40AB-9B6C-DBBCB8CC8F56", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "862E6716-C665-43E9-9245-E0FABC095CD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "63B043A4-EC4C-4A30-ABA3-CE63934C06CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "FBD74BC2-9B95-4E0E-B7A9-62C97464443A", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "15861FDD-ED4A-4407-B7DF-6AAC25C3AC7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "05D0D36A-F149-4733-BC75-B6EF39FD9C3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "10450117-95E5-43EF-8BAE-56D403C27E0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "E5B1CAB4-EF19-419E-AE59-950F4C64CAAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "27DC4956-E0D1-451C-AECA-6C5629DD1A54", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "DB54FAC9-4300-4C91-98A8-7AA075B68E07", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "9B5ED2CB-2603-42BE-A067-738E76E52687", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "181924A3-71DD-46A2-BAD4-6D4734DDD541", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.0.13-bo1:*:*:*:*:*:*:*", "matchCriteriaId": "4955663F-A699-428D-9995-21ED69331F84", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "DB91513D-3AEB-440E-BDD2-8D2FE1D6AD08", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "1410E630-2E45-4AC0-B5F9-96839957C8A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.0.15-0.1bo:*:*:*:*:*:*:*", "matchCriteriaId": "98AC38E9-FBFE-4972-80FA-D7F5D9169B72", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.0.15-0.2bo:*:*:*:*:*:*:*", "matchCriteriaId": "78C6533A-C6DA-4E45-BB5F-44B7C4ADEA8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.0.16-1:*:*:*:*:*:*:*", "matchCriteriaId": "9EF482CC-3A0A-4178-9ADD-57C8BFD5050E", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.0.17-1:*:*:*:*:*:*:*", "matchCriteriaId": "DB97D09E-80A1-4819-8496-AA5D4BCB9189", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C3229262-E656-46EB-8880-B24F73C90509", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "81B47A64-8339-4A26-8AF5-D8CE90293F46", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D3D5E1D8-EC66-495D-BBBC-78D535635F59", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "2593C2F6-54E2-4311-B0A6-6E5E80B99A2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "E18DAF1F-2FFA-4C12-93A4-5417C5C25E7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "B8A2315F-0591-4CB7-AFD1-ADC8BF1C87FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "6C5ED765-9C72-4334-91E0-4BB0A15381DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "185A3B86-2261-488F-B1CA-03E9B42D94DC", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:debian:apt:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C98BE1A-0B65-44CD-ABDC-7CAA5D595797", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "0B883322-F944-4FFC-B9D8-B1C289EA6C42", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "1EC159F3-A216-45B8-A547-174ABABC953B", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "56E1C9D0-5CDB-4DB2-A757-FCA31D1D591F", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "E6D9BFD0-E308-44E8-A7C7-4699A2510A7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "72875923-4ACB-4B08-B52F-D9BA45CA8D1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "4EE3B58F-BD33-452A-BD4D-D0D023E1F8E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "86F2E2D4-CDEA-4D26-869A-C32C97A53D79", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.3.12:*:*:*:*:*:*:*", "matchCriteriaId": "015691AF-BFD4-4ED0-873A-5D23F9194D58", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.3.13:*:*:*:*:*:*:*", "matchCriteriaId": "699D019F-2924-4AE5-A833-92E46BA4AF7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.3.14:*:*:*:*:*:*:*", "matchCriteriaId": "9FD22F86-65A4-4B63-AEA3-77CD2DEF589B", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.3.15:*:*:*:*:*:*:*", "matchCriteriaId": "3A8FF5D4-493B-42DE-8DAA-BF6BDE3B5B9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.3.16:*:*:*:*:*:*:*", "matchCriteriaId": "CF5AF288-9358-40BF-9A71-99C983713F06", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.3.17:*:*:*:*:*:*:*", "matchCriteriaId": "7995C830-651D-46E9-AE53-2D73CB1575A6", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:debian:apt:0.3.18:*:*:*:*:*:*:*", "matchCriteriaId": "F31AEB78-1DA5-4583-B865-1F74C0DE364E", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.3.19:*:*:*:*:*:*:*", "matchCriteriaId": "D3A64810-DB07-4600-9968-052703A01B56", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "C6B0F899-EF61-4B2B-81A3-932D5B8786EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CCF1902-FD1C-4AA2-86BE-1374A5677C82", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "32B29CF3-9B80-4626-9785-73446E3DA300", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "F384C461-0A0B-4A3A-A944-51C7282CE6C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "4BB2D223-5C72-4728-8628-C692E59155DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "3776D2F0-5551-4B0D-B5B6-A6306E1052CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "FE504A04-16EA-421F-A01E-FCCAFC9D2971", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "F68E822C-189B-4F90-8D06-92E1E64E1C85", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "AAA1B686-013D-44A2-A9D5-52D913C28236", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "C1C7B1EB-B9B6-4E04-A14B-A7ADAF282EC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "863AD8F9-1BC2-4CCE-962D-C9E77FD5C61E", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.10:*:*:*:*:*:*:*", "matchCriteriaId": "7529570E-6563-4A7D-A493-A557583481AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.11:*:*:*:*:*:*:*", 
"matchCriteriaId": "D4ECE94E-D866-435A-A54C-B6B90E8149E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.12:*:*:*:*:*:*:*", "matchCriteriaId": "CD1D9284-EEF8-49B6-AAD1-826695148720", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.13:*:*:*:*:*:*:*", "matchCriteriaId": "3C391EB0-E875-4B9E-BF0A-285B91961EDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.14:*:*:*:*:*:*:*", "matchCriteriaId": "44311E97-AF64-4181-A52F-9F66F9F250C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.15:*:*:*:*:*:*:*", "matchCriteriaId": "D98750AF-DCD0-4B5F-82E2-911FB3F72BBF", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.16:*:*:*:*:*:*:*", "matchCriteriaId": "3C0D02B8-2DC4-4ECD-B846-EEEF13BFA026", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.17:*:*:*:*:*:*:*", "matchCriteriaId": "5A25EFC1-758B-4F81-A07B-10807674D94C", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.18:*:*:*:*:*:*:*", "matchCriteriaId": "9E9C27EE-F6AA-400B-AFDE-6AFD5988685E", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.19:*:*:*:*:*:*:*", "matchCriteriaId": "6473F0E9-C55E-4687-B57C-5A2B9CA5DF96", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.20:*:*:*:*:*:*:*", "matchCriteriaId": "5CFA4C36-68E3-4586-B715-86FCC0C934FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.21:*:*:*:*:*:*:*", "matchCriteriaId": "AED45163-C060-4884-90D6-32DCCB3FC907", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.22:*:*:*:*:*:*:*", "matchCriteriaId": "4E5643C7-7519-4C86-A962-541057765FE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.23:*:*:*:*:*:*:*", "matchCriteriaId": "D5A8669B-1746-439D-B592-BFD9FDCAF384", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.24:*:*:*:*:*:*:*", "matchCriteriaId": "17F14B17-32E2-420A-99F5-E5E4729D73AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.25:*:*:*:*:*:*:*", "matchCriteriaId": 
"F3A0ED4A-58FB-4F7B-AEF4-482AC4DDAFA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.26:*:*:*:*:*:*:*", "matchCriteriaId": "F11B9294-7C52-4E64-A8D8-F1A36A9B3AF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.27:*:*:*:*:*:*:*", "matchCriteriaId": "E9FBA9CD-AF6B-4EE8-A4D4-5ED9FEF560D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.28:*:*:*:*:*:*:*", "matchCriteriaId": "FD4BB811-8AFE-4ADC-9790-A72B64614FA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.29:*:*:*:*:*:*:*", "matchCriteriaId": "6D7CF6C2-B787-4DB3-AF77-B69C25ED94E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.30:*:*:*:*:*:*:*", "matchCriteriaId": "F9B478DB-912F-4563-A058-C4671BA8D0E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.30:ubuntu1:*:*:*:*:*:*", "matchCriteriaId": "B061E3B1-9865-4730-BB64-5B727C28B6EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.30:ubuntu2:*:*:*:*:*:*", "matchCriteriaId": "A4FCC9BF-91E0-4E51-B071-A4A80C3D50E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.31:*:*:*:*:*:*:*", "matchCriteriaId": "EB5A7027-0C72-4C98-A20F-F176D2CA783C", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.32:*:*:*:*:*:*:*", "matchCriteriaId": "9128231B-2EE4-49CE-93BB-E1569F997C6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBD12618-EADC-4C62-9844-B13D42F48873", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "4D3BAFCE-3B0F-46C5-A0F3-FA10795F94C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "83E6EE25-34B0-44A7-9E0B-85420BA23A86", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "2EBBC666-27DA-482D-AEFF-2158965A9A49", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"3B130388-E8CD-48E6-BBB3-9555CDF41ED6", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "46311A8F-B75F-497B-8B9D-3912437BC300", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "AD5FAC29-BDBC-44A4-9B3A-54D335D66315", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "D4606D3C-3956-4028-9B3C-38D89E5C3732", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "1631B320-1ADA-4D92-889A-27802AA289CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "0A32DEA0-0410-4D7F-8B20-35B76B8542B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "6AD2BF13-3509-449D-BCD7-626DA16E333C", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.11:*:*:*:*:*:*:*", "matchCriteriaId": "8931C487-7B01-46B4-AAC7-959E286D796A", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "5D1DD0BF-6581-4269-90E3-D7FD14ACC542", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.13:*:*:*:*:*:*:*", "matchCriteriaId": "C379EA2E-90F0-4B2E-8F6F-B2DA7259CD3F", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.14:*:*:*:*:*:*:*", "matchCriteriaId": "C1CF91FC-A3B4-4507-A225-49A27EE451EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.15:*:*:*:*:*:*:*", "matchCriteriaId": "D9962509-53B4-402E-AA1E-77C7C5D54452", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.16:*:*:*:*:*:*:*", "matchCriteriaId": "65345737-6DD6-4971-8A24-209C6EFBEC38", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.17:*:*:*:*:*:*:*", "matchCriteriaId": "7DDAC7AC-A0FB-4B0F-9DF9-BAA1C6C2E224", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.18:*:*:*:*:*:*:*", "matchCriteriaId": "4CDE8307-9EBB-461D-8802-516599DD3D19", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.19:*:*:*:*:*:*:*", "matchCriteriaId": "4CA4BEB2-98AE-4834-BD6C-7E41EA0F08E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.20:*:*:*:*:*:*:*", "matchCriteriaId": "66EFD81E-7B6B-48C2-B8A2-B803C1347EBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.21:*:*:*:*:*:*:*", "matchCriteriaId": "BA7F566F-700E-411D-B0C7-CF9BC30FAD89", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.22:*:*:*:*:*:*:*", "matchCriteriaId": "AB94CAF2-2C59-43D5-A5BE-BAE3D44B94D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.23:*:*:*:*:*:*:*", "matchCriteriaId": "7550CF30-596C-4C46-9928-99D1F091982B", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.24:*:*:*:*:*:*:*", "matchCriteriaId": "4D74FEBE-5BA7-4907-ADBE-21BC4A73F2B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.25:*:*:*:*:*:*:*", "matchCriteriaId": "08025BA8-8DB2-4A63-BE31-4BC7626CF247", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.27:*:*:*:*:*:*:*", "matchCriteriaId": "C33D9E60-633B-48A9-AC9D-FDDB6FF39440", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.27:ubuntu1:*:*:*:*:*:*", "matchCriteriaId": "C745117D-546B-451F-9839-2AA56AC10AC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.27:ubuntu2:*:*:*:*:*:*", "matchCriteriaId": "7A29168F-B7BD-460E-91D7-143B243BC2AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.27:ubuntu3:*:*:*:*:*:*", "matchCriteriaId": "ED3AB78A-864E-4F5A-827B-F0AFD503F22F", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.27:ubuntu4:*:*:*:*:*:*", "matchCriteriaId": "AB2659B2-7D6B-4FB8-A941-DD313544ED15", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.28:*:*:*:*:*:*:*", "matchCriteriaId": "1ADA767C-A9C7-4592-9633-54EB71F07793", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.29:*:*:*:*:*:*:*", "matchCriteriaId": "F063F513-7F04-49B9-BCAA-69261841B8AF", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.30:*:*:*:*:*:*:*", "matchCriteriaId": "4751E4B9-B89F-49D4-8E72-534AEFE57F56", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.31:*:*:*:*:*:*:*", "matchCriteriaId": "BC64ABF1-F116-4510-B279-84C28405D809", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.32:*:*:*:*:*:*:*", "matchCriteriaId": "1686258C-4378-47BA-9811-8B6863FAF1A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.33:*:*:*:*:*:*:*", "matchCriteriaId": "B3BD2A6B-A393-4435-9958-2A01DEE48DDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.34:*:*:*:*:*:*:*", "matchCriteriaId": "9CE7BEE8-10F8-4735-A204-738AAA0C3038", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.35:*:*:*:*:*:*:*", "matchCriteriaId": "CA66AB92-12CA-4B8D-8BAB-7DA45A4EF9A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.36:*:*:*:*:*:*:*", "matchCriteriaId": "BC226131-5C53-4829-B125-AFB8111A3774", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.36:ubuntu1:*:*:*:*:*:*", "matchCriteriaId": "DE6C9C14-C804-47F1-97CE-CA2FF3287DDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.37:*:*:*:*:*:*:*", "matchCriteriaId": "ED3454FE-522A-42C0-8CA7-21AE8EAC9437", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.38:*:*:*:*:*:*:*", "matchCriteriaId": "15B6CBB7-4870-4A82-9B6A-30A34EA54E5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.39:*:*:*:*:*:*:*", "matchCriteriaId": "346E9720-D787-4BE7-9F33-D5FFE30C7B96", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.40:*:*:*:*:*:*:*", "matchCriteriaId": "78B0FB1A-48C0-4455-9109-7A8F60B99DD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.40.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D6CCB50-D360-4AB2-90D5-C3FCF506D31C", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.41:*:*:*:*:*:*:*", "matchCriteriaId": "BD0E1794-C19A-4779-8CD5-C10DA67F6DCC", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:debian:apt:0.6.42:*:*:*:*:*:*:*", "matchCriteriaId": "61AF9067-3A57-41C3-A326-19A2A1FC5291", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.42.1:*:*:*:*:*:*:*", "matchCriteriaId": "5BD24204-9DE1-498B-8CF7-23234B3DC517", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.42.2:*:*:*:*:*:*:*", "matchCriteriaId": "411547FE-D995-488F-A07D-018FFB4DCF44", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.42.3:*:*:*:*:*:*:*", "matchCriteriaId": "D748634E-B7D1-4E1F-8951-E5B1FC64D9B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.43:*:*:*:*:*:*:*", "matchCriteriaId": "A75E5219-4BC1-45CE-A225-21C2C3E3D212", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.43.1:*:*:*:*:*:*:*", "matchCriteriaId": "40B1D550-8384-40EC-827C-2433E3BA71CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.43.2:*:*:*:*:*:*:*", "matchCriteriaId": "7D705912-ADE8-4BF6-B367-AB1699E17B05", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.43.3:*:*:*:*:*:*:*", "matchCriteriaId": "0C709AC5-2A55-4917-AD18-3E313A9B3F69", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.44:*:*:*:*:*:*:*", "matchCriteriaId": "913E6EE4-D94B-4B0D-8F5C-637CD23ABBD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.44.1:*:*:*:*:*:*:*", "matchCriteriaId": "FF26A78B-E7B7-481D-9C0F-888E322CF7FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.44.1-0.1:*:*:*:*:*:*:*", "matchCriteriaId": "43BB1F89-B225-49B8-922F-AA93404D9102", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.44.2:*:*:*:*:*:*:*", "matchCriteriaId": "C482A979-497D-40D0-A606-21B2E1803BF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.44.2:exp1:*:*:*:*:*:*", "matchCriteriaId": "E923935B-F81D-4BC5-9C01-06612159C07B", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.45:*:*:*:*:*:*:*", "matchCriteriaId": "18A6960B-7B34-43D8-8E86-F2E6FCA91E43", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:debian:apt:0.6.46:*:*:*:*:*:*:*", "matchCriteriaId": "EBFF6B94-521C-4B51-8F60-9CEF723978C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.46.1:*:*:*:*:*:*:*", "matchCriteriaId": "5FFEBB7C-4E56-4A92-BFD3-8D10E739B457", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.46.2:*:*:*:*:*:*:*", "matchCriteriaId": "4F2764CB-AE41-4435-A459-9227B6E670B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.46.3:*:*:*:*:*:*:*", "matchCriteriaId": "E28D5396-5378-46D3-A46A-CC77A02A6ABD", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.46.3-0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AAAA97B2-1072-4080-A341-64C00DAED664", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.46.3-0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C6BEB024-66AD-4B5A-A61E-82543767400E", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.46.4-0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A77824A3-F70D-4AA2-93D3-7BE6E6A12616", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "5E5D42EE-C68F-4BCC-AF01-5AE9EF107DF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "E1DB0DE2-C967-4DCA-A3B4-2F235371993B", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "5CA862B0-D7DB-44D7-A669-66357DC46AFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "1464B59B-72A7-4328-A6BA-D60153C226AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "CB3B7EBB-BDE5-4091-8FE5-05965656912F", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "48005163-3A91-4F5D-B2E5-9A7B691713C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "335B661E-7912-4E16-B6B2-18A111C23D1C", "vulnerable": true } ], "negate": false, "operator": "OR" 
} ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories." }, { "lang": "es", "value": "apt-get in apt anterior a 0.7.21 no comprueba adecuadamente el error de codigo en gpgv, lo que hace que apt utilice un repositorio firmado con una clave que ha sido revocada o ha caducado, lo que permite a atacantes remotos enga\u00f1ar a apt en la instlacion de repositorios maliciosos." } ], "id": "CVE-2009-1358", "lastModified": "2024-11-21T01:02:16.570", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-04-21T23:30:00.217", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=433091" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/34829" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/34832" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/34874" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2009/dsa-1779" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/34630" }, { "source": "cve@mitre.org", "url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/356012" }, { "source": 
"cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50086" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/762-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=433091" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34829" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34832" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34874" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2009/dsa-1779" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/34630" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/356012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50086" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/762-1/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-03-21 17:55
Modified
2024-11-21 01:48
Severity ?
Summary
apt 0.8.16, 0.9.7, and possibly other versions do not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
debian | advanced_package_tool | 0.8.16 | |
debian | apt | 0.9.7 | |
canonical | ubuntu_linux | 11.10 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 12.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.16:*:*:*:*:*:*:*", "matchCriteriaId": "36B518E8-B14B-4DC2-9437-3E69108BA40A", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "FC20104F-BDF2-4C4F-A99E-014CE23187FE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*", "matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories." }, { "lang": "es", "value": "apt v0.8.16, v0.9.7 y posiblemente otras versiones no trata correctamente los archivos InRelease, lo que permite man-in-the-middle atacantes para modificar los paquetes antes de la instalaci\u00f3n a trav\u00e9s de vectores desconocidos, posiblemente relacionadas con la comprobaci\u00f3n de la integridad y el uso de terceros repositorios del partido." 
} ], "evaluatorImpact": "Per http://www.ubuntu.com/usn/USN-1762-1/\r\n\"A security issue affects these releases of Ubuntu and its derivatives:\r\nUbuntu 12.10\r\nUbuntu 12.04 LTS\r\nUbuntu 11.10\r\n\"", "id": "CVE-2013-1051", "lastModified": "2024-11-21T01:48:49.233", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-03-21T17:55:01.070", "references": [ { "source": "security@ubuntu.com", "url": "http://osvdb.org/91428" }, { "source": "security@ubuntu.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/52633" }, { "source": "security@ubuntu.com", "url": "http://www.ubuntu.com/usn/USN-1762-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/91428" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/52633" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1762-1" } ], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-12-10 04:15
Modified
2024-11-21 05:21
Severity ?
5.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
5.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
5.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
Summary
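APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions prior to 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions prior to 2.1.10ubuntu0.1. Note: the CPE configuration in the record below gives versionEndExcluding 2.1.10ubuntu0.2 for the 2.1.10ubuntu0 series, which differs from the 2.1.10ubuntu0.1 stated here; check the referenced vendor advisories for the fixed version before relying on either bound.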
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
debian | advanced_package_tool | * | |
canonical | ubuntu_linux | 16.04 | |
debian | advanced_package_tool | * | |
canonical | ubuntu_linux | 18.04 | |
debian | advanced_package_tool | * | |
canonical | ubuntu_linux | 20.04 | |
debian | advanced_package_tool | * | |
canonical | ubuntu_linux | 20.10 | |
debian | advanced_package_tool | * | |
debian | debian_linux | 10.0 | |
netapp | solidfire_baseboard_management_controller_firmware | - | |
netapp | solidfire_baseboard_management_controller | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*", "matchCriteriaId": "839A276F-A612-435F-8B32-9CD0881A703F", "versionEndExcluding": "1.2.32ubuntu0.2", "versionStartIncluding": "1.2.32ubuntu0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*", "matchCriteriaId": "32808FF1-724F-42B2-8720-F03F2DCB87E8", "versionEndExcluding": "1.6.12ubuntu0.2", "versionStartIncluding": "1.6.12ubuntu0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*", "matchCriteriaId": "84E29564-98E9-4F1E-B86C-7F835BDF47CF", "versionEndExcluding": "2.0.2ubuntu0.2", "versionStartIncluding": "2.0.2ubuntu0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*", "matchCriteriaId": "423237C5-087E-4E29-8B3B-D7121302E698", "versionEndExcluding": "2.1.10ubuntu0.2", "versionStartIncluding": "2.1.10ubuntu0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": 
"cpe:2.3:o:canonical:ubuntu_linux:20.10:*:*:*:*:*:*:*", "matchCriteriaId": "338B3AAC-C147-4A31-95E7-6E8A6FB4B3FC", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*", "matchCriteriaId": "91DB2AC6-4123-412A-BBCB-C8545A292E30", "versionEndExcluding": "1.8.2.2", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FB9B8171-F6CA-427D-81E0-6536D3BBFA8D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*", "matchCriteriaId": "090AA6F4-4404-4E26-82AB-C3A22636F276", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. 
This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions prior to 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions prior to 2.1.10ubuntu0.1;" }, { "lang": "es", "value": "APT tuvo varios desbordamientos y subdesbordamientos de enteros al analizar paquetes .deb, tambi\u00e9n se conocen como GHSL-2020-168 GHSL-2020-169, en los archivos apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc.\u0026#xa0;Este problema afecta: apt versiones 1.2.32ubuntu0 anteriores a 1.2.32ubuntu0.2; versiones 1.6.12ubuntu0 anteriores a 1.6.12ubuntu0.2; versiones 2.0.2ubuntu0 anteriores a 2.0.2ubuntu0.2; versiones 2.1.10ubuntu0 anteriores a 2.1.10ubuntu0.1;" } ], "id": "CVE-2020-27350", "lastModified": "2024-11-21T05:21:02.867", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 1.5, "impactScore": 3.7, "source": "security@ubuntu.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.7, 
"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 1.5, "impactScore": 3.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-12-10T04:15:11.423", "references": [ { "source": "security@ubuntu.com", "tags": [ "Broken Link" ], "url": "https://bugs.launchpad.net/bugs/1899193" }, { "source": "security@ubuntu.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210108-0005/" }, { "source": "security@ubuntu.com", "tags": [ "Vendor Advisory" ], "url": "https://usn.ubuntu.com/usn/usn-4667-1" }, { "source": "security@ubuntu.com", "tags": [ "Vendor Advisory" ], "url": "https://www.debian.org/security/2020/dsa-4808" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://bugs.launchpad.net/bugs/1899193" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210108-0005/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://usn.ubuntu.com/usn/usn-4667-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.debian.org/security/2020/dsa-4808" } ], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "security@ubuntu.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-03-01 00:55
Modified
2024-11-21 01:30
Severity ?
Summary
methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
debian | advanced_package_tool | * | |
debian | advanced_package_tool | 0.8.0 | |
debian | advanced_package_tool | 0.8.0 | |
debian | advanced_package_tool | 0.8.0 | |
debian | advanced_package_tool | 0.8.1 | |
debian | advanced_package_tool | 0.8.10 | |
debian | advanced_package_tool | 0.8.10.1 | |
debian | advanced_package_tool | 0.8.10.2 | |
canonical | ubuntu_linux | 8.04 | |
canonical | ubuntu_linux | 10.04 | |
canonical | ubuntu_linux | 10.10 | |
canonical | ubuntu_linux | 11.04 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*", "matchCriteriaId": "A17E71A5-50D2-49AD-BAB0-9C5AEB7A6CCE", "versionEndIncluding": "0.8.10.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "58F0D8BF-F9D3-40D0-AD71-9978F2A1FD29", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.0:pre1:*:*:*:*:*:*", "matchCriteriaId": "E82F9BF7-D4DD-4CF5-BE57-4772B7DDD5D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.0:pre2:*:*:*:*:*:*", "matchCriteriaId": "7F4BC141-EEEB-4D0B-A3D4-24929855B685", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "6CA54D7A-9296-4530-8215-6EB708DDE2B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "04F345BE-745C-418D-BF0F-B7A5F1E3A5B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "46799DD7-E46E-4EB2-AF13-852407384A5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "C417AF8F-D12C-4759-B99D-C60E139B9946", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:-:lts:*:*:*:*:*", "matchCriteriaId": "D6DFE2D3-46E2-4D0C-8508-30307D654560", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*", "matchCriteriaId": "7118F616-25CA-4E34-AA13-4D14BB62419F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*", "matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*", "matchCriteriaId": "EF49D26F-142E-468B-87C1-BABEA445255C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } 
], "cveTags": [], "descriptions": [ { "lang": "en", "value": "methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors." }, { "lang": "es", "value": "methods/https.cc en apt anterior a 0.8.11 acepta conexiones cuando el nombre de host del certificado falla la validaci\u00f3n y Verify-Host est\u00e1 habilitado, lo que permite a atacantes man-in-the-middle obtener credenciales de repositorios a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2011-3634", "lastModified": "2024-11-21T01:30:53.460", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-03-01T00:55:04.857", "references": [ { "source": "secalert@redhat.com", "url": "http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3634.html" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1283-1" }, { "source": "secalert@redhat.com", "url": "https://alioth.debian.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=apt/apt.git%3Ba=blob%3Bf=debian/changelog%3Bhb=HEAD" }, { "source": "secalert@redhat.com", "url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/868353" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3634.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.ubuntu.com/usn/USN-1283-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://alioth.debian.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=apt/apt.git%3Ba=blob%3Bf=debian/changelog%3Bhb=HEAD" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/868353" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-11-26 00:15
Modified
2024-11-21 01:30
Severity ?
Summary
It was found that apt-key in apt, all versions, does not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
debian | advanced_package_tool | * | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*", "matchCriteriaId": "0DCF96F5-95F7-4E18-994D-98D3CD0F7E6E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack." }, { "lang": "es", "value": "Se encontr\u00f3 que apt-key en apt, todas las versiones, no comprueban correctamente las claves gpg con el llavero maestro, lo que conlleva a un potencial ataque de tipo man-in-the-middle." 
} ], "id": "CVE-2011-3374", "lastModified": "2024-11-21T01:30:22.610", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-11-26T00:15:11.030", "references": [ { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "https://access.redhat.com/security/cve/cve-2011-3374" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2011/Sep/221" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2011-3374" }, { "source": "secalert@redhat.com", "tags": [ "Broken 
Link" ], "url": "https://snyk.io/vuln/SNYK-LINUX-APT-116518" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://ubuntu.com/security/CVE-2011-3374" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://access.redhat.com/security/cve/cve-2011-3374" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2011/Sep/221" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2011-3374" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://snyk.io/vuln/SNYK-LINUX-APT-116518" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://ubuntu.com/security/CVE-2011-3374" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-347" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2012-3587
Vulnerability from fkie_nvd
Published
2012-06-19 20:55
Modified
2024-11-21 01:41
Severity: LOW (CVSS v2.0 base score 2.6, AV:N/AC:H/Au:N/C:N/I:P/A:N)
Summary
APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "2372DE68-69A3-44B6-A42E-1C8EA272FAC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "1F846A10-711A-42A1-A71A-FB11D4B511F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3E070DA8-E764-4C1B-BCDB-F15597ABE7AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.2-0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DCEE6BF2-3B33-41F7-84C4-626D1559FB24", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "1BDAAE90-9BD4-4160-89D3-162561CB30BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "CBC7B0DD-F983-41DC-BB78-52FB53C044DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.12:*:*:*:*:*:*:*", "matchCriteriaId": "B832BF3E-A081-4708-8D54-C5BC827965E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.13:*:*:*:*:*:*:*", "matchCriteriaId": "31586872-C049-4125-B82A-FEA8B06FDF7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.14:*:*:*:*:*:*:*", "matchCriteriaId": "2F377D69-4C1D-4D1A-96D9-B7724756CA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.15:*:*:*:*:*:*:*", "matchCriteriaId": "71851F90-85E4-4250-B9FB-320A33B04B58", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.15:exp1:*:*:*:*:*:*", "matchCriteriaId": "C6356166-F4D5-4B50-94AE-7A25803FFF38", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.15:exp2:*:*:*:*:*:*", "matchCriteriaId": "0D7D88AF-16B4-4C3F-AF7D-8773CB08BA01", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:debian:advanced_package_tool:0.7.15:exp3:*:*:*:*:*:*", "matchCriteriaId": "5F293909-BFDB-49A2-AF03-6ADACE195204", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.16:*:*:*:*:*:*:*", "matchCriteriaId": "E138D3A7-F289-4491-A24D-4DF2F179EAAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.17:*:*:*:*:*:*:*", "matchCriteriaId": "19ED89FC-F907-4126-B969-625887306487", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.17:exp1:*:*:*:*:*:*", "matchCriteriaId": "0F467E33-20AC-401C-AF1F-8F4BC0CB0C37", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.17:exp2:*:*:*:*:*:*", "matchCriteriaId": "595406A6-DFD2-4E26-82C8-745E0AC0D6B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.17:exp3:*:*:*:*:*:*", "matchCriteriaId": "4ED3DB0F-E9BF-4E23-8057-AACA17475C66", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.17:exp4:*:*:*:*:*:*", "matchCriteriaId": "39A7A479-6225-43EA-B010-46EF4BC77E10", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "9EC4CC2E-7E68-4360-8360-B0463D9B6B79", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.19:*:*:*:*:*:*:*", "matchCriteriaId": "BF988A0E-A630-40DD-9387-2C1610D2F932", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.20:*:*:*:*:*:*:*", "matchCriteriaId": "63E05BE6-9BDF-441E-873E-A4D965B3494F", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.20.1:*:*:*:*:*:*:*", "matchCriteriaId": "EBE7EC9A-2E4D-4A60-AC88-F390F5B3432A", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.20.2:*:*:*:*:*:*:*", "matchCriteriaId": "A2257DAB-0A44-4841-9EF9-CBBF9BB68F40", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.21:*:*:*:*:*:*:*", "matchCriteriaId": 
"47EDE750-C502-4B25-829D-D0C0F2653C19", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.22:*:*:*:*:*:*:*", "matchCriteriaId": "189E20DE-EEFB-488A-B741-4BC80CF553B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.22.1:*:*:*:*:*:*:*", "matchCriteriaId": "96D80D63-6971-4CC7-A9A8-D9D05767F60A", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.22.2:*:*:*:*:*:*:*", "matchCriteriaId": "1186DDDE-FCF4-45B8-A7EA-2DAE8DA3F010", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.23:*:*:*:*:*:*:*", "matchCriteriaId": "58F88656-5BF9-4D51-9C37-26E9685484F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.23.1:*:*:*:*:*:*:*", "matchCriteriaId": "9AB74135-2BB7-42F7-99CB-AFF0B811B66A", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.24:*:*:*:*:*:*:*", "matchCriteriaId": "1B025168-8319-45C2-82BC-97EBD5EE563E", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "58F0D8BF-F9D3-40D0-AD71-9978F2A1FD29", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.0:pre1:*:*:*:*:*:*", "matchCriteriaId": "E82F9BF7-D4DD-4CF5-BE57-4772B7DDD5D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.0:pre2:*:*:*:*:*:*", "matchCriteriaId": "7F4BC141-EEEB-4D0B-A3D4-24929855B685", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "6CA54D7A-9296-4530-8215-6EB708DDE2B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "04F345BE-745C-418D-BF0F-B7A5F1E3A5B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "46799DD7-E46E-4EB2-AF13-852407384A5C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:debian:advanced_package_tool:0.8.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "C417AF8F-D12C-4759-B99D-C60E139B9946", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "225275E2-3E9E-48FE-A2FF-9FE37A67E550", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.11:*:*:*:*:*:*:*", "matchCriteriaId": "3EA2183D-7D9E-4841-A1C9-B843AF3A03F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "7EAB3B8A-BDFA-4EDD-9A6D-F3CDE4977EDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "7A629D58-017D-4F27-B286-42094C727822", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "9817661D-CACE-4D81-9432-2CDE5A51F4DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "A1A65066-5A1A-4091-9219-6060A662653D", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "FAFCA592-F57F-4C12-A1F7-496BDFB2A4A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.12:*:*:*:*:*:*:*", "matchCriteriaId": "9793E4BB-5969-45DB-B9F6-29CB9C98D559", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.13:*:*:*:*:*:*:*", "matchCriteriaId": "7427F24E-D3CB-498E-8695-9FC40546CFA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "70A8FE33-63BC-4145-A6CA-90A61CB81AC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.13.2:*:*:*:*:*:*:*", "matchCriteriaId": "08C018A3-012C-4790-9D09-36661549A6E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.14:*:*:*:*:*:*:*", "matchCriteriaId": 
"406C6D95-53B7-4950-83C5-4C27E755F24A", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "F0E56161-E80F-4EC4-9D1C-0FBCA672EEFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.15:*:*:*:*:*:*:*", "matchCriteriaId": "64C1D283-9326-4A6E-9529-BA8D26A36CE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.15:exp1:*:*:*:*:*:*", "matchCriteriaId": "1784FE65-DAE2-4E97-96A3-9A1835040245", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.15:exp2:*:*:*:*:*:*", "matchCriteriaId": "6368BAB5-D44D-42B3-B5F7-E343E1101CDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.15:exp3:*:*:*:*:*:*", "matchCriteriaId": "F2D3D5D9-97D1-44C6-B3BE-C9CFC1451FD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.15.1:*:*:*:*:*:*:*", "matchCriteriaId": "3F5C252C-76F7-492F-AFFB-3BE2A63EE22E", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.15.6:*:*:*:*:*:*:*", "matchCriteriaId": "233F5902-0AF1-4417-8C97-34C9B64C09AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.15.7:*:*:*:*:*:*:*", "matchCriteriaId": "5D613D7E-4456-4F47-9F13-F5D746F8715B", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.15.8:*:*:*:*:*:*:*", "matchCriteriaId": "6DBD6821-E6C3-4F76-89C9-19478D8EB13A", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.15.9:*:*:*:*:*:*:*", "matchCriteriaId": "2E7D4F82-45B9-4FC9-85C5-3F5E3966A243", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.15.10:*:*:*:*:*:*:*", "matchCriteriaId": "475F9461-71F5-4E01-9399-E0413390A423", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key 
net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack." }, { "lang": "es", "value": "APT v0.7.x antes de v0.7.25 y v0.8.x antes de v0.8.16, cuando se utiliza el apt-key net-update para importar archivos de claves, se basa en el orden de los argumentos GnuPG y no verifica subclaves GPG, lo que podr\u00eda permitir a atacantes remotos instalar paquetes de caballos de troya a trav\u00e9s de un ataque man-in-the-middle (MITM)." } ], "id": "CVE-2012-3587", "lastModified": "2024-11-21T01:41:11.630", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-06-19T20:55:08.007", "references": [ { "source": "cve@mitre.org", "url": "http://seclists.org/fulldisclosure/2012/Jun/267" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-1475-1" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-1477-1" }, { "source": "cve@mitre.org", "url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013128" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2012/Jun/267" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1475-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1477-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013128" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2011-1829
Vulnerability from fkie_nvd
Published
2011-07-27 02:55
Modified
2024-11-21 01:27
Severity: MEDIUM (CVSS v2.0 base score 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
APT before 0.8.15.2 does not properly validate inline GPG signatures, which allows man-in-the-middle attackers to install modified packages via vectors involving lack of an initial clearsigned message.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
debian | advanced_package_tool | * (before 0.8.15.2) | |
canonical | ubuntu_linux | 11.04 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*", "matchCriteriaId": "36362F14-3D29-4012-B3C7-01576EE4A295", "versionEndExcluding": "0.8.15.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*", "matchCriteriaId": "EF49D26F-142E-468B-87C1-BABEA445255C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "APT before 0.8.15.2 does not properly validate inline GPG signatures, which allows man-in-the-middle attackers to install modified packages via vectors involving lack of an initial clearsigned message." }, { "lang": "es", "value": "APT en versiones anteriores a la 0.8.15.2 no valida apropiadamente las firmas GPG adjuntas (\"inline\"), lo que permite atacantes de hombre en el medio (\"man-in-the-middle\") instalar paquetes modificados a trav\u00e9s de vectores que involucran la falta de un mensaje inicial \"clearsigned\" (firmado en claro)." 
} ], "id": "CVE-2011-1829", "lastModified": "2024-11-21T01:27:07.990", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-07-27T02:55:01.540", "references": [ { "source": "security@ubuntu.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://launchpadlibrarian.net/75126628/apt_0.8.13.2ubuntu2_0.8.13.2ubuntu4.1.diff.gz" }, { "source": "security@ubuntu.com", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "http://packages.debian.org/changelogs/pool/main/a/apt/current/changelog" }, { "source": "security@ubuntu.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/48671" }, { "source": "security@ubuntu.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1169-1" }, { "source": "security@ubuntu.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68560" }, { "source": "security@ubuntu.com", "tags": [ "Third Party Advisory" ], "url": "https://launchpad.net/bugs/784473" }, { "source": "security@ubuntu.com", "tags": [ "Patch" ], "url": "https://launchpad.net/ubuntu/+archive/primary/+sourcepub/1817196/+listing-archive-extra" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://launchpadlibrarian.net/75126628/apt_0.8.13.2ubuntu2_0.8.13.2ubuntu4.1.diff.gz" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release 
Notes", "Vendor Advisory" ], "url": "http://packages.debian.org/changelogs/pool/main/a/apt/current/changelog" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/48671" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1169-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68560" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://launchpad.net/bugs/784473" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://launchpad.net/ubuntu/+archive/primary/+sourcepub/1817196/+listing-archive-extra" } ], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2018-0501
Vulnerability from fkie_nvd
Published
2018-08-21 00:29
Modified
2024-11-21 03:38
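Severity: MEDIUM (CVSS v3.0 base score 5.9, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N; CVSS v2.0 base score 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N)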
Summary
The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail.
References
Source | URL | Tags | |
---|---|---|---|
security@debian.org | https://mirror.fail | Third Party Advisory, URL Repurposed | |
security@debian.org | https://salsa.debian.org/apt-team/apt/commit/29658a3a74af49e2a24e17bdebb20e1612aac3ec | Patch, Third Party Advisory | |
security@debian.org | https://salsa.debian.org/apt-team/apt/commit/aebd4278bacc728ab00ebe31556983e140f60e47 | Patch, Third Party Advisory | |
security@debian.org | https://usn.ubuntu.com/3746-1/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://mirror.fail | Third Party Advisory, URL Repurposed | |
af854a3a-2127-422b-91ae-364da2661108 | https://salsa.debian.org/apt-team/apt/commit/29658a3a74af49e2a24e17bdebb20e1612aac3ec | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://salsa.debian.org/apt-team/apt/commit/aebd4278bacc728ab00ebe31556983e140f60e47 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3746-1/ | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
canonical | ubuntu_linux | 18.04 | |
debian | advanced_package_tool | * (from 1.6.0 up to but excluding 1.6.4) | |
debian | advanced_package_tool | 1.7.0 (alpha) | |
debian | advanced_package_tool | 1.7.0 (alpha1) | |
debian | advanced_package_tool | 1.7.0 (alpha2) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6A029D3-078F-44FF-A4EC-1DA371F72655", "versionEndExcluding": "1.6.4", "versionStartIncluding": "1.6.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:1.7.0:alpha:*:*:*:*:*:*", "matchCriteriaId": "2C2085D0-86E5-4A74-9195-A04D406BC441", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:1.7.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "1BA098B2-CF1F-4951-8093-1FB0CA6825E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:1.7.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "E518DCA9-523F-4096-9F79-A313A6E46ADD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail." }, { "lang": "es", "value": "La implementaci\u00f3n del m\u00e9todo mirror:// en Advanced Package Tool (APT) en versiones 1.6.x anteriores a la 1.6.4 y 1.7.x anteriores a la 1.7.0~alpha3 maneja de manera incorrecta la verificaci\u00f3n de firmas gpg para el archivo InRelease de un clon fallback, tambi\u00e9n conocido como mirrorfail." 
} ], "id": "CVE-2018-0501", "lastModified": "2024-11-21T03:38:21.917", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-08-21T00:29:00.227", "references": [ { "source": "security@debian.org", "tags": [ "Third Party Advisory", "URL Repurposed" ], "url": "https://mirror.fail" }, { "source": "security@debian.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://salsa.debian.org/apt-team/apt/commit/29658a3a74af49e2a24e17bdebb20e1612aac3ec" }, { "source": "security@debian.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://salsa.debian.org/apt-team/apt/commit/aebd4278bacc728ab00ebe31556983e140f60e47" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3746-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "URL Repurposed" ], "url": "https://mirror.fail" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third 
Party Advisory" ], "url": "https://salsa.debian.org/apt-team/apt/commit/29658a3a74af49e2a24e17bdebb20e1612aac3ec" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://salsa.debian.org/apt-team/apt/commit/aebd4278bacc728ab00ebe31556983e140f60e47" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3746-1/" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-347" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }