18 results (0.004 seconds)

CVSS: 9.3EPSS: 3%CPEs: 11EXPL: 0

Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine. El saneamiento incorrecto de un campo de redirección 302 en el método HTTP "transport" en apt, en versiones 1.4.8 y anteriores, puede conducir a la inyección de contenido por parte de un atacante MITM, lo que puede conducir a la ejecución remota de código en el equipo objetivo. • http://www.securityfocus.com/bid/106690 https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E https://lists.debian.org/debian-lts-announce/2019/01/msg00013.html https://lists.debian.org/debian-lts-announce/2019/01/msg00014.html https://security.netapp.com/advisory/ntap-20190125-0002 https://usn.ubuntu.com/3863-1 https://usn.ubuntu.com/3863-2 https://www.debian.org/security/2019/dsa-4371 •

CVSS: 5.9EPSS: 1%CPEs: 5EXPL: 3

The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection mechanism by leveraging improper error handling when validating InRelease file signatures. El paquete apt, en Debian jessie en versiones anteriores a la 1.0.9.8.4; Debian inestable en versiones anteriores a la 1.4~beta2; Ubuntu 14.04 LTS en versiones anteriores a la 1.0.1ubuntu2.17; Ubuntu 16.04 LTS en versiones anteriores a la 1.2.15ubuntu0.2 y en Ubuntu 16.10 en versiones anteriores a la 1.3.2ubuntu0.1, permite que atacantes Man-in-the-Middle (MitM) eludan un mecanismo de protección de firma de repositorios aprovechando la manipulación indebida de errores al validar las firmas de archivos InRelease. apt suffers from a repository signing bypass via memory allocation failure. • https://www.exploit-db.com/exploits/40916 http://packetstormsecurity.com/files/140145/apt-Repository-Signing-Bypass.html http://www.ubuntu.com/usn/USN-3156-1 https://bugs.chromium.org/p/project-zero/issues/detail?id=1020 https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1647467 https://www.debian.org/security/2016/dsa-3733 • CWE-295: Improper Certificate Validation •

CVSS: 3.6EPSS: 0%CPEs: 6EXPL: 0

The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file. El comando 'changelog' en Apt anterior a 1.0.9.2 permite a usuarios locales escribir ficheros arbitrarios a través de un ataque de enlaces simbólicos en el fichero 'changelog'. • http://secunia.com/advisories/61158 http://secunia.com/advisories/61333 http://secunia.com/advisories/61768 http://www.debian.org/security/2014/dsa-3048 http://www.securityfocus.com/bid/70310 http://www.ubuntu.com/usn/USN-2370-1 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763780 https://exchange.xforce.ibmcloud.com/vulnerabilities/96951 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted URL. Desbordamiento de buffer en el código de transporte HTTP en apt-get en APT 1.0.1 y anteriores permite a atacantes man-in-the-middle causar una denegación de servicio (caída) o posiblemente ejecutar código arbitrario a través de una URL manipulada. • http://secunia.com/advisories/61605 http://secunia.com/advisories/61710 http://www.debian.org/security/2014/dsa-3031 http://www.securityfocus.com/bid/70075 http://www.ubuntu.com/usn/USN-2353-1 https://exchange.xforce.ibmcloud.com/vulnerabilities/96151 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0

APT before 1.0.9 does not "invalidate repository data" when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data. APT anterior a 1.0.9 no 'invalida los datos del repositorio' cuando se traslada de un estado no autenticado a uno autenticado, lo que permite a atacantes remotos tener un impacto no especificado a través de datos del repositorio manipulados. • http://secunia.com/advisories/61275 http://secunia.com/advisories/61286 http://ubuntu.com/usn/usn-2348-1 http://www.debian.org/security/2014/dsa-3025 • CWE-20: Improper Input Validation •