4.3

CVE-2015-0840

The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc).

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DebianDpkg Version <= 1.16.15
DebianDpkg Version1.17.0
DebianDpkg Version1.17.1
DebianDpkg Version1.17.2
DebianDpkg Version1.17.3
DebianDpkg Version1.17.4
DebianDpkg Version1.17.5
DebianDpkg Version1.17.6
DebianDpkg Version1.17.7
DebianDpkg Version1.17.8
DebianDpkg Version1.17.9
DebianDpkg Version1.17.10
DebianDpkg Version1.17.11
DebianDpkg Version1.17.12
DebianDpkg Version1.17.13
DebianDpkg Version1.17.14
DebianDpkg Version1.17.15
DebianDpkg Version1.17.16
DebianDpkg Version1.17.17
DebianDpkg Version1.17.18
DebianDpkg Version1.17.19
DebianDpkg Version1.17.20
DebianDpkg Version1.17.21
DebianDpkg Version1.17.22
DebianDpkg Version1.17.23
DebianDpkg Version1.17.24
CanonicalUbuntu Linux Version10.04 SwEditionlts
CanonicalUbuntu Linux Version12.04 SwEditionlts
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version14.10
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.65% 0.7
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.