Total
9170 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-0490 | 2 Debian, Linux | 2 Advanced Package Tool, Linux Kernel | 2020-01-08 | 7.5 HIGH | N/A |
| The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package. | |||||
| CVE-2014-0489 | 1 Debian | 1 Advanced Package Tool | 2020-01-08 | 7.5 HIGH | N/A |
| APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package. | |||||
| CVE-2014-0488 | 1 Debian | 1 Advanced Package Tool | 2020-01-08 | 6.8 MEDIUM | N/A |
| APT before 1.0.9 does not "invalidate repository data" when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data. | |||||
| CVE-2014-0478 | 1 Debian | 1 Advanced Package Tool | 2020-01-08 | 4.0 MEDIUM | N/A |
| APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature. | |||||
| CVE-2012-0954 | 1 Debian | 1 Advanced Package Tool | 2020-01-08 | 2.6 LOW | N/A |
| APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587. | |||||
| CVE-2013-1051 | 2 Canonical, Debian | 3 Ubuntu Linux, Advanced Package Tool, Apt | 2020-01-08 | 4.3 MEDIUM | N/A |
| apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories. | |||||
| CVE-2012-3587 | 1 Debian | 1 Advanced Package Tool | 2020-01-08 | 2.6 LOW | N/A |
| APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack. | |||||
| CVE-2009-1300 | 1 Debian | 1 Advanced Package Tool | 2020-01-08 | 10.0 HIGH | N/A |
| apt 0.7.20 does not check when the date command returns an "invalid date" error, which can prevent apt from loading security updates in time zones for which DST occurs at midnight. | |||||
| CVE-2019-10672 | 1 Symonics | 1 Libmysofa | 2020-01-08 | 7.5 HIGH | 9.8 CRITICAL |
| treeRead in hdf/btree.c in libmysofa before 0.7 does not properly validate multiplications and additions. | |||||
| CVE-2016-10765 | 1 Edx | 1 Edx-platform | 2020-01-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| edx-platform before 2016-06-10 allows account activation with a spoofed e-mail address. | |||||
| CVE-2019-15912 | 1 Asus | 14 As-101, As-101 Firmware, Dl-101 and 11 more | 2020-01-07 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Attackers can use the ZigBee trust center rejoin procedure to perform mutiple denial of service attacks. | |||||
| CVE-2012-3409 | 2 Debian, Ecryptfs | 2 Debian Linux, Ecryptfs-utils | 2020-01-03 | 4.6 MEDIUM | 7.8 HIGH |
| ecryptfs-utils: suid helper does not restrict mounting filesystems with nosuid,nodev which creates a possible privilege escalation | |||||
| CVE-2019-15914 | 1 Mi | 10 Dgnwg03lm, Dgnwg03lm Firmware, Mccgq01lm and 7 more | 2020-01-03 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM devices. Attackers can use the ZigBee trust center rejoin procedure to perform mutiple denial of service attacks. | |||||
| CVE-2019-15915 | 1 Mi | 8 Dgnwg03lm, Dgnwg03lm Firmware, Mccgq01lm and 5 more | 2020-01-03 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, RTCGQ01LM devices. Attackers can utilize the "discover ZigBee network procedure" to perform a denial of service attack. | |||||
| CVE-2019-11289 | 1 Cloudfoundry | 2 Cf-deployment, Routing-release | 2020-01-03 | 7.8 HIGH | 8.6 HIGH |
| Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash. | |||||
| CVE-2019-11086 | 1 Intel | 1 Active Management Technology Firmware | 2020-01-02 | 4.6 MEDIUM | 6.8 MEDIUM |
| Insufficient input validation in subsystem for Intel(R) AMT before version 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | |||||
| CVE-2019-11102 | 1 Intel | 2 Dynamic Application Loader, Trusted Execution Engine Firmware | 2020-01-02 | 2.1 LOW | 4.4 MEDIUM |
| Insufficient input validation in Intel(R) DAL software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2019-0166 | 1 Intel | 1 Active Management Technology Firmware | 2020-01-02 | 5.0 MEDIUM | 7.5 HIGH |
| Insufficient input validation in the subsystem for Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access. | |||||
| CVE-2019-11100 | 1 Intel | 1 Active Management Technology Firmware | 2020-01-02 | 2.1 LOW | 4.6 MEDIUM |
| Insufficient input validation in the subsystem for Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable information disclosure via physical access. | |||||
| CVE-2019-0131 | 1 Intel | 1 Active Management Technology Firmware | 2020-01-02 | 4.8 MEDIUM | 8.1 HIGH |
| Insufficient input validation in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access. | |||||