Vulnerability CVE-2014-0478


Published: 2014-06-17

Description:
APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature.

Type: CWE-20 (Improper Input Validation)

Vendor: Debian
Product: APT
Version: 1.0.3

CVSS2 => (AV:N/AC:H/Au:N/C:N/I:P/A:P)

CVSS Base Score: 4/10
Impact Subscore: 4.9/10
Exploitability Subscore: 4.9/10

Exploit range: Remote
Attack complexity: High
Authentication: Not required

Confidentiality impact: None
Integrity impact: Partial
Availability impact: Partial

References:
http://www.debian.org/security/2014/dsa-2958
http://www.ubuntu.com/usn/USN-2246-1
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749795

Related CVE
CVE-2019-12474
Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
CVE-2019-12466
Wikimedia MediaWiki through 1.32.1 allows CSRF.
CVE-2019-13345
The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter.
CVE-2019-13232
Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue.
CVE-2019-7165
A buffer overflow in DOSBox 0.74-2 allows attackers to execute arbitrary code.
CVE-2019-12594
DOSBox 0.74-2 has Incorrect Access Control.
CVE-2019-12781
An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django vi...
CVE-2019-13031
LemonLDAP::NG before 1.9.20 has an XML External Entity (XXE) issue when submitting a notification to the notification server. By default, the notification server is not enabled and has a "deny all" rule.

Copyright 2019, cxsecurity.com

 
