CVSS: 3.6EPSS: 0%CPEs: 6EXPL: 0CVE-2014-7206
https://notcve.org/view.php?id=CVE-2014-7206
The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file. El comando 'changelog' en Apt anterior a 1.0.9.2 permite a usuarios locales escribir ficheros arbitrarios a través de un ataque de enlaces simbólicos en el fichero 'changelog'. • http://secunia.com/advisories/61158 http://secunia.com/advisories/61333 http://secunia.com/advisories/61768 http://www.debian.org/security/2014/dsa-3048 http://www.securityfocus.com/bid/70310 http://www.ubuntu.com/usn/USN-2370-1 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763780 https://exchange.xforce.ibmcloud.com/vulnerabilities/96951 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-6273
https://notcve.org/view.php?id=CVE-2014-6273
Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted URL. Desbordamiento de buffer en el código de transporte HTTP en apt-get en APT 1.0.1 y anteriores permite a atacantes man-in-the-middle causar una denegación de servicio (caída) o posiblemente ejecutar código arbitrario a través de una URL manipulada. • http://secunia.com/advisories/61605 http://secunia.com/advisories/61710 http://www.debian.org/security/2014/dsa-3031 http://www.securityfocus.com/bid/70075 http://www.ubuntu.com/usn/USN-2353-1 https://exchange.xforce.ibmcloud.com/vulnerabilities/96151 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-0487
https://notcve.org/view.php?id=CVE-2014-0487
APT before 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since header, which has unspecified impact and attack vectors. APT anterior a 1.0.9 no verifica ficheros descargados si han sido modificados como indica utilizando la cabecera If-Modified-Since, lo que tiene un impacto y vectores de ataque no especificados. • http://secunia.com/advisories/61275 http://secunia.com/advisories/61286 http://ubuntu.com/usn/usn-2348-1 http://www.debian.org/security/2014/dsa-3025 •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2014-0488
https://notcve.org/view.php?id=CVE-2014-0488
APT before 1.0.9 does not "invalidate repository data" when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data. APT anterior a 1.0.9 no 'invalida los datos del repositorio' cuando se traslada de un estado no autenticado a uno autenticado, lo que permite a atacantes remotos tener un impacto no especificado a través de datos del repositorio manipulados. • http://secunia.com/advisories/61275 http://secunia.com/advisories/61286 http://ubuntu.com/usn/usn-2348-1 http://www.debian.org/security/2014/dsa-3025 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 2%CPEs: 3EXPL: 0CVE-2014-0489
https://notcve.org/view.php?id=CVE-2014-0489
APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package. APT anterior a 1.0.9, cunado la opción Acquire::GzipIndexes está habilitada, no valida checksums, lo que permite a atacantes remotos ejecutar código arbitrario a través de un paquete manipulado. • http://secunia.com/advisories/61275 http://secunia.com/advisories/61286 http://ubuntu.com/usn/usn-2348-1 http://www.debian.org/security/2014/dsa-3025 • CWE-20: Improper Input Validation •