CVE-2019-15795

MEDIUM Year: 2019
CVSS v3 Score
4.7
Medium
CVSS v2 Score
2.6
Low
Weakness Type
CWE-327
View all →

Vulnerability Description

python-apt only checks the MD5 sums of downloaded files in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py in version 1.9.0ubuntu1 and earlier. This allows a man-in-the-middle attack which could potentially be used to install altered packages and has been fixed in versions 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5.

Related Vulnerabilities

CVE-2017-14937

MEDIUM
CVSS:4.7(Medium)

The airbag detonation algorithm allows injury to passenger-car occupants via predictable Security Access (SA) data to the internal CAN bus (or the OBD connector). This affects the airbag control units...

CWE-3272017

CVE-2021-36647

MEDIUM
CVSS:4.7(Medium)

Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to pre...

CWE-3272021

CVE-2022-30187

MEDIUM
CVSS:4.7(Medium)

Azure Storage Library Information Disclosure Vulnerability

CWE-3272022

CVE-2007-5460

MEDIUM
CVSS:4.6(Medium)

Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation with a fixed key) when sending the user's PIN/Password over the USB connection from the host to the devic...

CWE-3272007

CVE-2019-11341

MEDIUM
CVSS:4.6(Medium)

On certain Samsung P(9.0) phones, an attacker with physical access can start a TCP Dump capture without the user's knowledge. This feature of the Service Mode application is available after entering t...

CWE-3272019

CVE-2020-12702

MEDIUM
CVSS:4.6(Medium)

Weak encryption in the Quick Pairing mode in the eWeLink mobile application (Android application V4.9.2 and earlier, iOS application V4.9.1 and earlier) allows physically proximate attackers to eavesd...

CWE-3272020