debian apt vulnerabilities and exploits
NA
CVE-2023-38646
Metabase open source prior to 0.46.6.1 and Metabase Enterprise prior to 1.46.6.1 allow malicious users to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4...
Metabase Metabase
50 Github repositories
6.8
CVSSv2
CVE-2021-21224
Type confusion in V8 in Google Chrome before 90.0.4430.85 allowed a remote malicious user to execute arbitrary code inside a sandbox via a crafted HTML page.
Google Chrome
Debian Debian Linux 10.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
1 Github repository
1 Article
4.6
CVSSv2
CVE-2020-27350
APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions before 1.2.32ubuntu0.2; 1.6...
Debian Advanced Package Tool
Netapp Solidfire Baseboard Management Controller Firmware -
1 Github repository
2.1
CVSSv2
CVE-2020-27351
Various memory and file descriptor leaks were found in apt-python files python/arfile.cc, python/tag.cc, python/tarfile.cc, aka GHSL-2020-170. This issue affects: python-apt 1.1.0~beta1 versions before 1.1.0~beta1ubuntu0.16.04.10; 1.6.5ubuntu0 versions before 1.6.5ubuntu0.4; 2.0....
Debian Advanced Package Tool
4.3
CVSSv2
CVE-2020-3810
Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files.
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Apt
Fedoraproject Fedora 32
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
2.6
CVSSv2
CVE-2019-15795
python-apt only checks the MD5 sums of downloaded files in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py in version 1.9.0ubuntu1 and previous versions. This allows a man-in-the-middle attack which could potentially be used to install altered packages and...
Ubuntu Python-apt 0.8.0
Ubuntu Python-apt 0.8.1
Ubuntu Python-apt 0.8.3
Ubuntu Python-apt 0.8.9.1
Ubuntu Python-apt 0.9.0
Ubuntu Python-apt 0.9.1
Ubuntu Python-apt 0.9.3.1
Ubuntu Python-apt 0.9.3.2
Ubuntu Python-apt 0.9.3.3
Ubuntu Python-apt 0.9.3.4
Ubuntu Python-apt 0.9.3.5
Ubuntu Python-apt 1.0.1
Ubuntu Python-apt 1.1.0
Debian Python-apt 1.8.4
Ubuntu Python-apt 1.4.0
Ubuntu Python-apt 1.6.0
Ubuntu Python-apt 1.6.1
Ubuntu Python-apt 1.6.2
Ubuntu Python-apt 1.6.3
Ubuntu Python-apt 1.6.4
Ubuntu Python-apt 1.8.4
Ubuntu Python-apt 1.9.0
2.6
CVSSv2
CVE-2019-15796
Python-apt doesn't check if hashes are signed in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py or in `_fetch_archives()` of apt/cache.py in version 1.9.3ubuntu2 and previous versions. This allows downloads from unsigned repositories which shouldn...
Ubuntu Python-apt 0.8.0
Ubuntu Python-apt 0.8.1
Ubuntu Python-apt 0.8.3
Ubuntu Python-apt 0.8.9.1
Ubuntu Python-apt 0.9.0
Ubuntu Python-apt 0.9.1
Ubuntu Python-apt 0.9.3.1
Ubuntu Python-apt 0.9.3.2
Ubuntu Python-apt 0.9.3.3
Ubuntu Python-apt 0.9.3.4
Ubuntu Python-apt 0.9.3.5
Ubuntu Python-apt 1.0.1
Ubuntu Python-apt 1.1.0
Debian Python-apt 1.8.4
Ubuntu Python-apt 1.4.0
Ubuntu Python-apt 1.6.0
Ubuntu Python-apt 1.6.1
Ubuntu Python-apt 1.6.2
Ubuntu Python-apt 1.6.3
Ubuntu Python-apt 1.6.4
Ubuntu Python-apt 1.8.4
Ubuntu Python-apt 1.9.0
2.1
CVSSv2
CVE-2020-5202
apt-cacher-ng up to and including 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit SocketPath=/var/run/...
Apt-cacher-ng Project Apt-cacher-ng
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Backports Sle-15
Opensuse Leap 15.1
4.3
CVSSv2
CVE-2011-3374
It was found that apt-key in apt, all versions, does not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.
Debian Advanced Package Tool
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
8 Github repositories
10
CVSSv2
CVE-2019-10149
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.
Exim Exim
Debian Debian Linux 9.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
3 EDB exploits
14 Github repositories
2 Articles