12 matches found
USN-8109-1 debian-goodies vulnerability
Jakub Wilk discovered that debmany in Debian Goodies incorrectly handled certain deb files. An attacker could possibly use this issue to execute arbitrary shell commands...
USN-8109-1: Debian Goodies vulnerability
Jakub Wilk discovered that debmany in Debian Goodies incorrectly handled certain deb files. An attacker could possibly use this issue to execute arbitrary shell commands...
The vulnerability of the eval() function in the debmany utility package of the Debian-goodies suite allows a hacker to execute arbitrary commands.
The vulnerability of the eval function in the debmany utility package of the Debian-goodies suite is related to the lack of measures taken to neutralize special elements used in operating system commands when processing .deb files. Exploiting this vulnerability allows an attacker to execute...
CVE-2023-27635
debmany in debian-goodies 0.88.1 allows attackers to execute arbitrary shell commands because of an eval call via a crafted .deb file. The path is shown to the user before execution...
PT-2023-1670
Name of the Vulnerable Software and Affected Versions: debian-goodies version 0.88.1 Description: The issue is related to the debmany function in the debian-goodies package, which allows attackers to execute arbitrary shell commands due to an eval call. This can be achieved via a crafted .deb file...
DEBIAN-CVE-2020-16122
PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages...
PT-2020-6168 · Packagekit +3
Name of the Vulnerable Software and Affected Versions: PackageKit affected versions not specified Description: The issue is related to PackageKit's apt backend, which incorrectly treats all local debs as trusted. This is problematic because the apt security model relies on repository trust rather...
CVE-2020-3810
Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files...
CVE-2020-3810
Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files...
Input validation
Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files...
CVE-2020-3810
Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files...
UBUNTU-CVE-2020-3810
Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files...