Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

advanced package tool advanced package tool vulnerabilities and exploits

(subscribe to this query)
4.3
CVSSv2
CVE-2012-0214
The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Advanced Package Tool (APT) 0.8.11 up to and including 0.8.15.10 and 0.8.16 prior to 0.8.16~exp13, when updating from repositories that use InRelease files, allows man-in-the-middle malicious users to install arb...
Advanced Package Tool Advanced Package Tool 0.8.13Advanced Package Tool Advanced Package Tool 0.8.14Advanced Package Tool Advanced Package Tool 0.8.15Advanced Package Tool Advanced Package ToolAdvanced Package Tool Advanced Package Tool 0.8.12Advanced Package Tool Advanced Package Tool 0.8.11
2.6
CVSSv2
CVE-2012-3587
APT 0.7.x prior to 0.7.25 and 0.8.x prior to 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote malicious users to install Trojan horse packages via a man-in-the-middle (MITM) attac...
Debian Advanced Package Tool 0.7.21Debian Advanced Package Tool 0.7.20.2Debian Advanced Package Tool 0.7.20.1Debian Advanced Package Tool 0.7.20Debian Advanced Package Tool 0.7.15Debian Advanced Package Tool 0.7.14Debian Advanced Package Tool 0.7.13Debian Advanced Package Tool 0.8.15.1Debian Advanced Package Tool 0.8.15Debian Advanced Package Tool 0.8.14.1Debian Advanced Package Tool 0.8.14Debian Advanced Package Tool 0.8.10Debian Advanced Package Tool 0.8.1Debian Advanced Package Tool 0.8.0Debian Advanced Package Tool 0.7.23.1Debian Advanced Package Tool 0.7.22.2Debian Advanced Package Tool 0.7.22Debian Advanced Package Tool 0.7.2-0.1Debian Advanced Package Tool 0.7.19Debian Advanced Package Tool 0.7.16Debian Advanced Package Tool 0.7.12Debian Advanced Package Tool 0.7.10
2.6
CVSSv2
CVE-2012-0954
APT 0.7.x prior to 0.7.25 and 0.8.x prior to 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote malicious users to install altered packages via a man-in-the-middle (MITM) attack. NO...
Debian Advanced Package Tool 0.7.24Debian Advanced Package Tool 0.7.23.1Debian Advanced Package Tool 0.7.23Debian Advanced Package Tool 0.7.22.2Debian Advanced Package Tool 0.7.17Debian Advanced Package Tool 0.7.16Debian Advanced Package Tool 0.7.15Debian Advanced Package Tool 0.8.15.8Debian Advanced Package Tool 0.8.15.7Debian Advanced Package Tool 0.8.15.6Debian Advanced Package Tool 0.8.15Debian Advanced Package Tool 0.8.11.2Debian Advanced Package Tool 0.8.11.1Debian Advanced Package Tool 0.8.11Debian Advanced Package Tool 0.8.10.3Debian Advanced Package Tool 0.7.22.1Debian Advanced Package Tool 0.7.21Debian Advanced Package Tool 0.7.18Debian Advanced Package Tool 0.7.14Debian Advanced Package Tool 0.7.1Debian Advanced Package Tool 0.8.15.10Debian Advanced Package Tool 0.8.11.5
7.5
CVSSv2
CVE-2014-0489
APT prior to 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote malicious users to execute arbitrary code via a crafted package.
Debian Advanced Package Tool 1.0.5Debian Advanced Package Tool 1.0.3Debian Advanced Package Tool 1.0.7
2.6
CVSSv2
CVE-2011-3634
methods/https.cc in apt prior to 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle malicious users to obtain repository credentials via unspecified vectors.
Canonical Ubuntu Linux 10.10Canonical Ubuntu Linux 8.04Canonical Ubuntu Linux 11.04Canonical Ubuntu Linux 10.04Debian Advanced Package Tool 0.8.0Debian Advanced Package Tool 0.8.1Debian Advanced Package Tool 0.8.10Debian Advanced Package Tool 0.8.10.1Debian Advanced Package Tool 0.8.10.2Debian Advanced Package Tool
7.5
CVSSv2
CVE-2014-0487
APT prior to 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since header, which has unspecified impact and attack vectors.
Debian Advanced Package Tool 1.0.3Debian Advanced Package Tool 1.0.7
6.8
CVSSv2
CVE-2014-0488
APT prior to 1.0.9 does not "invalidate repository data" when moving from an unauthenticated to authenticated state, which allows remote malicious users to have unspecified impact via crafted repository data.
Debian Advanced Package Tool 1.0.3Debian Advanced Package Tool 1.0.7
4.3
CVSSv2
CVE-2018-0501
The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x prior to 1.6.4 and 1.7.x prior to 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail.
Canonical Ubuntu Linux 18.04Debian Advanced Package ToolDebian Advanced Package Tool 1.7.0
3.6
CVSSv2
CVE-2014-7206
The changelog command in Apt prior to 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file.
Debian Apt 1.0.9Debian Advanced Package ToolDebian Apt 0.9.7.9Debian Advanced Package Tool 1.0.8
4
CVSSv2
CVE-2014-0478
APT prior to 1.0.4 does not properly validate source packages, which allows man-in-the-middle malicious users to download and install Trojan horse packages by removing the Release signature.
Debian Advanced Package Tool
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761command injectionCVE-2024-3676IDORCVE-2024-30039CVE-2024-32113CVE-2024-30049CVE-2024-4776SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook