Page 2 of 19 results (0.014 seconds)

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

APT before 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since header, which has unspecified impact and attack vectors. APT anterior a 1.0.9 no verifica ficheros descargados si han sido modificados como indica utilizando la cabecera If-Modified-Since, lo que tiene un impacto y vectores de ataque no especificados. • http://secunia.com/advisories/61275 http://secunia.com/advisories/61286 http://ubuntu.com/usn/usn-2348-1 http://www.debian.org/security/2014/dsa-3025 •

CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0

APT before 1.0.9 does not "invalidate repository data" when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data. APT anterior a 1.0.9 no 'invalida los datos del repositorio' cuando se traslada de un estado no autenticado a uno autenticado, lo que permite a atacantes remotos tener un impacto no especificado a través de datos del repositorio manipulados. • http://secunia.com/advisories/61275 http://secunia.com/advisories/61286 http://ubuntu.com/usn/usn-2348-1 http://www.debian.org/security/2014/dsa-3025 • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 2%CPEs: 3EXPL: 0

APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package. APT anterior a 1.0.9, cunado la opción Acquire::GzipIndexes está habilitada, no valida checksums, lo que permite a atacantes remotos ejecutar código arbitrario a través de un paquete manipulado. • http://secunia.com/advisories/61275 http://secunia.com/advisories/61286 http://ubuntu.com/usn/usn-2348-1 http://www.debian.org/security/2014/dsa-3025 • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 2%CPEs: 7EXPL: 0

The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package. El comando de descarga apt-get en APT anterior a 1.0.9 no valida debidamente las firmas para paquetes, lo que permite a atacantes remotos ejecutar código arbitrario a través de un paquete manipulado. • http://secunia.com/advisories/61275 http://secunia.com/advisories/61286 http://ubuntu.com/usn/usn-2348-1 http://www.debian.org/security/2014/dsa-3025 • CWE-20: Improper Input Validation •

CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 1

APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature. APT anterior a 1.0.4 no valida debidamente paquetes de fuentes, lo que permite a atacantes man-in-the-middle descargar e instalar paquetes de caballos de troya mediante la eliminación de la firma Release. • http://secunia.com/advisories/58843 http://secunia.com/advisories/59358 http://www.debian.org/security/2014/dsa-2958 http://www.ubuntu.com/usn/USN-2246-1 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749795 • CWE-20: Improper Input Validation •