Improper input validation in Linux Linux_kernel
CVE-2014-0490
The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package.
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.036 (88.0th percentile) — read the EPSS interpretation.
Affected products
- Linux Linux_kernel
- Debian Advanced_package_tool — versions 1.0.3, 1.0.4, 1.0.5
- N/a — versions n/a
Weakness classification (CWE)
References
- security@debian.org (x_refsource_SECUNIA, third-party-advisory)
- security@debian.org (x_refsource_SECUNIA, third-party-advisory)
- security@debian.org (x_refsource_UBUNTU, vendor-advisory, Patch, Vendor Advisory)
- security@debian.org (vendor-advisory, x_refsource_DEBIAN, Vendor Advisory)