Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
debian apt vulnerabilities and exploits
(subscribe to this query)
2.1
CVSSv2
CVE-2012-0961
Apt 0.8.16~exp5ubuntu13.x prior to 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x prior to 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x prior to 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable permissions for /var/log/apt/term.log, which allows local users to obtain sensi...
Debian Apt 0.9.7
Debian Advanced Package Tool 0.8.16
4.3
CVSSv2
CVE-2013-1051
apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle malicious users to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories.
Debian Advanced Package Tool 0.8.16
Debian Apt 0.9.7
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 12.10
4.3
CVSSv2
CVE-2020-3810
Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files.
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Apt
Fedoraproject Fedora 32
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
7.5
CVSSv2
CVE-2014-0490
The apt-get download command in APT prior to 1.0.9 does not properly validate signatures for packages, which allows remote malicious users to execute arbitrary code via a crafted package.
Debian Advanced Package Tool
Debian Advanced Package Tool 1.0.6
Debian Advanced Package Tool 1.0.5
Debian Advanced Package Tool 1.0.4
Debian Advanced Package Tool 1.0.3
Debian Advanced Package Tool 1.0.7
2.6
CVSSv2
CVE-2012-0954
APT 0.7.x prior to 0.7.25 and 0.8.x prior to 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote malicious users to install altered packages via a man-in-the-middle (MITM) attack. NO...
Debian Advanced Package Tool 0.7.24
Debian Advanced Package Tool 0.7.23.1
Debian Advanced Package Tool 0.7.23
Debian Advanced Package Tool 0.7.22.2
Debian Advanced Package Tool 0.7.17
Debian Advanced Package Tool 0.7.16
Debian Advanced Package Tool 0.7.15
Debian Advanced Package Tool 0.8.15.8
Debian Advanced Package Tool 0.8.15.7
Debian Advanced Package Tool 0.8.15.6
Debian Advanced Package Tool 0.8.15
Debian Advanced Package Tool 0.8.11.2
Debian Advanced Package Tool 0.8.11.1
Debian Advanced Package Tool 0.8.11
Debian Advanced Package Tool 0.8.10.3
Debian Advanced Package Tool 0.7.22.1
Debian Advanced Package Tool 0.7.21
Debian Advanced Package Tool 0.7.18
Debian Advanced Package Tool 0.7.14
Debian Advanced Package Tool 0.7.1
Debian Advanced Package Tool 0.8.15.10
Debian Advanced Package Tool 0.8.11.5
7.5
CVSSv2
CVE-2014-0489
APT prior to 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote malicious users to execute arbitrary code via a crafted package.
Debian Advanced Package Tool 1.0.5
Debian Advanced Package Tool 1.0.3
Debian Advanced Package Tool 1.0.7
6.8
CVSSv2
CVE-2014-0488
APT prior to 1.0.9 does not "invalidate repository data" when moving from an unauthenticated to authenticated state, which allows remote malicious users to have unspecified impact via crafted repository data.
Debian Advanced Package Tool 1.0.3
Debian Advanced Package Tool 1.0.7
2.6
CVSSv2
CVE-2011-3634
methods/https.cc in apt prior to 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle malicious users to obtain repository credentials via unspecified vectors.
Canonical Ubuntu Linux 10.10
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 11.04
Canonical Ubuntu Linux 10.04
Debian Advanced Package Tool 0.8.0
Debian Advanced Package Tool 0.8.1
Debian Advanced Package Tool 0.8.10
Debian Advanced Package Tool 0.8.10.1
Debian Advanced Package Tool 0.8.10.2
Debian Advanced Package Tool
7.5
CVSSv2
CVE-2014-0487
APT prior to 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since header, which has unspecified impact and attack vectors.
Debian Advanced Package Tool 1.0.3
Debian Advanced Package Tool 1.0.7
1 Article
4.3
CVSSv2
CVE-2018-0501
The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x prior to 1.6.4 and 1.7.x prior to 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail.
Canonical Ubuntu Linux 18.04
Debian Advanced Package Tool
Debian Advanced Package Tool 1.7.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »