Max CVSS | 7.5 | Min CVSS | 6.8 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2014-0488 | 6.8 |
APT before 1.0.9 does not "invalidate repository data" when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data.
|
08-01-2020 - 15:22 | 03-11-2014 - 22:55 | |
CVE-2014-0487 | 7.5 |
APT before 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since header, which has unspecified impact and attack vectors.
|
08-01-2020 - 15:22 | 03-11-2014 - 22:55 | |
CVE-2014-0490 | 7.5 |
The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package.
|
08-01-2020 - 15:22 | 03-11-2014 - 22:55 | |
CVE-2014-0489 | 7.5 |
APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package.
|
08-01-2020 - 15:22 | 03-11-2014 - 22:55 |