Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apt vulnerabilities and exploits
(subscribe to this query)
2.1
CVSSv2
CVE-2012-0961
Apt 0.8.16~exp5ubuntu13.x prior to 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x prior to 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x prior to 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable permissions for /var/log/apt/term.log, which allows local users to obtain sensi...
Debian Apt 0.9.7
Debian Advanced Package Tool 0.8.16
2.1
CVSSv2
CVE-2020-5202
apt-cacher-ng up to and including 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit SocketPath=/var/run/...
Apt-cacher-ng Project Apt-cacher-ng
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Backports Sle-15
Opensuse Leap 15.1
4.3
CVSSv2
CVE-2013-1051
apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle malicious users to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories.
Debian Advanced Package Tool 0.8.16
Debian Apt 0.9.7
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 12.10
4.3
CVSSv2
CVE-2020-3810
Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files.
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Apt
Fedoraproject Fedora 32
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
7.5
CVSSv2
CVE-2014-0489
APT prior to 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote malicious users to execute arbitrary code via a crafted package.
Debian Advanced Package Tool 1.0.5
Debian Advanced Package Tool 1.0.3
Debian Advanced Package Tool 1.0.7
6.8
CVSSv2
CVE-2014-6273
Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and previous versions allows man-in-the-middle malicious users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted URL.
Debian Advanced Package Tool
6.8
CVSSv2
CVE-2014-0488
APT prior to 1.0.9 does not "invalidate repository data" when moving from an unauthenticated to authenticated state, which allows remote malicious users to have unspecified impact via crafted repository data.
Debian Advanced Package Tool 1.0.3
Debian Advanced Package Tool 1.0.7
7.5
CVSSv2
CVE-2014-0490
The apt-get download command in APT prior to 1.0.9 does not properly validate signatures for packages, which allows remote malicious users to execute arbitrary code via a crafted package.
Debian Advanced Package Tool
Debian Advanced Package Tool 1.0.6
Debian Advanced Package Tool 1.0.5
Debian Advanced Package Tool 1.0.4
Debian Advanced Package Tool 1.0.3
Debian Advanced Package Tool 1.0.7
4.3
CVSSv2
CVE-2016-1252
The apt package in Debian jessie prior to 1.0.9.8.4, in Debian unstable prior to 1.4~beta2, in Ubuntu 14.04 LTS prior to 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS prior to 1.2.15ubuntu0.2, and in Ubuntu 16.10 prior to 1.3.2ubuntu0.1 allows man-in-the-middle malicious users to bypass a...
Debian Advanced Package Tool
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 16.10
1 EDB exploit
5 Github repositories
4.3
CVSSv2
CVE-2018-0501
The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x prior to 1.6.4 and 1.7.x prior to 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail.
Canonical Ubuntu Linux 18.04
Debian Advanced Package Tool
Debian Advanced Package Tool 1.7.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304
CVE-2024-4240
arbitrary
CVE-2024-31601
XSS
CVE-2023-20198
CVE-2024-4256
CVE-2024-3342
encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »