CVSS: 4.7EPSS: 0%CPEs: 74EXPL: 0CVE-2019-15795 – python-apt uses MD5 for validation
https://notcve.org/view.php?id=CVE-2019-15795
23 Jan 2020 — python-apt only checks the MD5 sums of downloaded files in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py in version 1.9.0ubuntu1 and earlier. This allows a man-in-the-middle attack which could potentially be used to install altered packages and has been fixed in versions 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5. Python-apt solo comprueba las cantidades MD5 de los archivos descargados en las funciones "Version.fetch_binary()... • https://usn.ubuntu.com/4247-1 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 4.7EPSS: 0%CPEs: 74EXPL: 0CVE-2019-15796 – python-apt downloads from untrusted sources
https://notcve.org/view.php?id=CVE-2019-15796
23 Jan 2020 — Python-apt doesn't check if hashes are signed in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py or in `_fetch_archives()` of apt/cache.py in version 1.9.3ubuntu2 and earlier. This allows downloads from unsigned repositories which shouldn't be allowed and has been fixed in verisions 1.9.5, 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5. Python-apt no comprueba si los hashes están firmados en las funciones "Version.fetch_binary()" y... • https://usn.ubuntu.com/4247-1 • CWE-287: Improper Authentication CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.1EPSS: 1%CPEs: 6EXPL: 0CVE-2017-14461 – Debian Security Advisory 4130-1
https://notcve.org/view.php?id=CVE-2017-14461
02 Mar 2018 — A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs to send a specially crafted email message to the server. Un email especialmente manipulado enviado mediante SMTP y pasado a Dovecot, de MTA, puede desencadenar una lectura fuera de límites que resulta en la posible revelación de información sensible y una denegac... • http://www.securityfocus.com/bid/103201 • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2015-1322 – Ubuntu Security Notice USN-2581-1
https://notcve.org/view.php?id=CVE-2015-1322
28 Apr 2015 — Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS before 0.9.8.8-0ubuntu7.1 allows local users to change the modem device configuration or read arbitrary files via a .. (dot dot) in the file name in a request to read modem device contexts (com.canonical.NMOfono.ReadImsiContexts). Vulnerabilidad de salto de directorio en el paquete network-manager de Ubuntu para Ubuntu (vivid) e... • http://www.ubuntu.com/usn/USN-2581-1 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2014-1949 – Mandriva Linux Security Advisory 2015-162
https://notcve.org/view.php?id=CVE-2014-1949
16 Jan 2015 — GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screensaver, and other applications, allows physically proximate attackers to bypass the lock screen by pressing the menu button. GTK+ 3.10.9 y anteriores, utilizado en cinnamon-screensaver, gnome-screensaver, y otras aplicaciones, permite a atacantes físicamente próximos evadir la pantalla de bloqueo mediante la activación del botón del menú. Clemens Fries reported that, when using Cinnamon, it was possible to bypass the screensaver lock. An a... • http://advisories.mageia.org/MGASA-2014-0374.html • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2014-1424 – Ubuntu Security Notice USN-2413-1
https://notcve.org/view.php?id=CVE-2014-1424
21 Nov 2014 — apparmor_parser in the apparmor package before 2.8.95~2430-0ubuntu5.1 in Ubuntu 14.04 allows attackers to bypass AppArmor policies via unspecified vectors, related to a "miscompilation flaw." apparmor_parser en el paquete apparmor anterior a 2.8.95~2430-0ubuntu5.1 en Ubuntu 14.04 permite a atacantes evadir las políticas AppArmor a través de vectores no especificados, relacionado con un 'fallo en miscompilación.' An AppArmor policy miscompilation flaw was discovered in apparmor_parser. Under certain circumst... • http://www.ubuntu.com/usn/USN-2413-1 • CWE-264: Permissions, Privileges, and Access Controls •