Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
debian apt vulnerabilities and exploits
(subscribe to this query)
5.9
CVSSv3
CVE-2018-0501
The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x prior to 1.6.4 and 1.7.x prior to 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail.
Canonical Ubuntu Linux 18.04
Debian Advanced Package Tool
Debian Advanced Package Tool 1.7.0
7
CVSSv3
CVE-2017-2624
It was found that xorg-x11-server prior to 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is...
X.org Xorg-server
Debian Debian Linux 7.0
1 Github repository
5.9
CVSSv3
CVE-2016-1252
The apt package in Debian jessie prior to 1.0.9.8.4, in Debian unstable prior to 1.4~beta2, in Ubuntu 14.04 LTS prior to 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS prior to 1.2.15ubuntu0.2, and in Ubuntu 16.10 prior to 1.3.2ubuntu0.1 allows man-in-the-middle malicious users to bypass a...
Debian Advanced Package Tool
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 16.10
1 EDB exploit
5 Github repositories
7.8
CVSSv3
CVE-2013-6049
apt-listbugs prior to 0.1.10 creates temporary files insecurely, which allows malicious users to have unspecified impact via unknown vectors.
Apt-listbugs Project Apt-listbugs -
Debian Debian Linux 8.0
Debian Debian Linux 7.0
7.8
CVSSv3
CVE-2016-5195
Race condition in mm/gup.c in the Linux kernel 2.x up to and including 4.x prior to 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka ...
Canonical Ubuntu Linux 16.10
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
Linux Linux Kernel
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Redhat Enterprise Linux Tus 6.5
Redhat Enterprise Linux Eus 6.7
Redhat Enterprise Linux Long Life 5.6
Redhat Enterprise Linux Aus 6.4
Redhat Enterprise Linux 5
Redhat Enterprise Linux Long Life 5.9
Redhat Enterprise Linux Aus 6.2
Redhat Enterprise Linux Eus 7.1
Redhat Enterprise Linux Eus 6.6
Redhat Enterprise Linux Aus 6.5
Debian Debian Linux 8.0
Debian Debian Linux 7.0
5 EDB exploits
182 Github repositories
6 Articles
NA
CVE-2015-1330
unattended-upgrades prior to 0.86.1 does not properly authenticate packages when the (1) force-confold or (2) force-confnew dpkg options are enabled in the DPkg::Options::* apt configuration, which allows remote man-in-the-middle malicious users to upload and execute arbitrary pa...
Canonical Ubuntu Linux 14.10
Canonical Ubuntu Linux 15.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Debian Unattended-upgrades
NA
CVE-2014-0488
APT prior to 1.0.9 does not "invalidate repository data" when moving from an unauthenticated to authenticated state, which allows remote malicious users to have unspecified impact via crafted repository data.
Debian Advanced Package Tool 1.0.3
Debian Advanced Package Tool 1.0.7
NA
CVE-2014-0490
The apt-get download command in APT prior to 1.0.9 does not properly validate signatures for packages, which allows remote malicious users to execute arbitrary code via a crafted package.
Debian Advanced Package Tool
Debian Advanced Package Tool 1.0.6
Debian Advanced Package Tool 1.0.5
Debian Advanced Package Tool 1.0.4
Debian Advanced Package Tool 1.0.3
Debian Advanced Package Tool 1.0.7
NA
CVE-2014-0487
APT prior to 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since header, which has unspecified impact and attack vectors.
Debian Advanced Package Tool 1.0.3
Debian Advanced Package Tool 1.0.7
1 Article
NA
CVE-2014-0489
APT prior to 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote malicious users to execute arbitrary code via a crafted package.
Debian Advanced Package Tool 1.0.5
Debian Advanced Package Tool 1.0.3
Debian Advanced Package Tool 1.0.7
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »