2 results (0.003 seconds)

CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 1

Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files. Una falta de comprobación de entrada en las implementaciones de ar/tar de APT versiones anteriores a 2.1.2, podría resultar en una denegación de servicio al procesar archivos deb especialmente diseñados • https://bugs.launchpad.net/bugs/1878177 https://github.com/Debian/apt/issues/111 https://lists.debian.org/debian-security-announce/2020/msg00089.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4PEH357MZM2SUGKETMEHMSGQS652QHH https://salsa.debian.org/apt-team/apt/-/commit/dceb1e49e4b8e4dadaf056be34088b415939cda6 https://tracker.debian.org/news/1144109/accepted-apt-212-source-into-unstable https://usn.ubuntu.com/4359-1 https://usn.ubuntu.com/4359-2 • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •

CVSS: 3.6EPSS: 0%CPEs: 6EXPL: 0

The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file. El comando 'changelog' en Apt anterior a 1.0.9.2 permite a usuarios locales escribir ficheros arbitrarios a través de un ataque de enlaces simbólicos en el fichero 'changelog'. • http://secunia.com/advisories/61158 http://secunia.com/advisories/61333 http://secunia.com/advisories/61768 http://www.debian.org/security/2014/dsa-3048 http://www.securityfocus.com/bid/70310 http://www.ubuntu.com/usn/USN-2370-1 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763780 https://exchange.xforce.ibmcloud.com/vulnerabilities/96951 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •