Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
debian apt vulnerabilities and exploits
(subscribe to this query)
3.6
CVSSv2
CVE-2014-7206
The changelog command in Apt prior to 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file.
Debian Apt 1.0.9
Debian Advanced Package Tool
Debian Apt 0.9.7.9
Debian Advanced Package Tool 1.0.8
4.3
CVSSv2
CVE-2014-4510
Cross-site scripting (XSS) vulnerability in job.cc in apt-cacher-ng 0.7.26 allows remote malicious users to inject arbitrary web script or HTML via a crafted URL.
Debian Apt-cacher 0.7.26
6.8
CVSSv2
CVE-2014-6273
Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and previous versions allows man-in-the-middle malicious users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted URL.
Debian Advanced Package Tool
4
CVSSv2
CVE-2014-0478
APT prior to 1.0.4 does not properly validate source packages, which allows man-in-the-middle malicious users to download and install Trojan horse packages by removing the Release signature.
Debian Advanced Package Tool
2.6
CVSSv2
CVE-2011-3634
methods/https.cc in apt prior to 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle malicious users to obtain repository credentials via unspecified vectors.
Canonical Ubuntu Linux 10.10
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 11.04
Canonical Ubuntu Linux 10.04
Debian Advanced Package Tool 0.8.0
Debian Advanced Package Tool 0.8.1
Debian Advanced Package Tool 0.8.10
Debian Advanced Package Tool 0.8.10.1
Debian Advanced Package Tool 0.8.10.2
Debian Advanced Package Tool
4.3
CVSSv2
CVE-2013-1051
apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle malicious users to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories.
Debian Advanced Package Tool 0.8.16
Debian Apt 0.9.7
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 12.10
2.1
CVSSv2
CVE-2012-0961
Apt 0.8.16~exp5ubuntu13.x prior to 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x prior to 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x prior to 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable permissions for /var/log/apt/term.log, which allows local users to obtain sensi...
Debian Apt 0.9.7
Debian Advanced Package Tool 0.8.16
2.6
CVSSv2
CVE-2012-3587
APT 0.7.x prior to 0.7.25 and 0.8.x prior to 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote malicious users to install Trojan horse packages via a man-in-the-middle (MITM) attac...
Debian Advanced Package Tool 0.7.21
Debian Advanced Package Tool 0.7.20.2
Debian Advanced Package Tool 0.7.20.1
Debian Advanced Package Tool 0.7.20
Debian Advanced Package Tool 0.7.15
Debian Advanced Package Tool 0.7.14
Debian Advanced Package Tool 0.7.13
Debian Advanced Package Tool 0.8.15.1
Debian Advanced Package Tool 0.8.15
Debian Advanced Package Tool 0.8.14.1
Debian Advanced Package Tool 0.8.14
Debian Advanced Package Tool 0.8.10
Debian Advanced Package Tool 0.8.1
Debian Advanced Package Tool 0.8.0
Debian Advanced Package Tool 0.7.23.1
Debian Advanced Package Tool 0.7.22.2
Debian Advanced Package Tool 0.7.22
Debian Advanced Package Tool 0.7.2-0.1
Debian Advanced Package Tool 0.7.19
Debian Advanced Package Tool 0.7.16
Debian Advanced Package Tool 0.7.12
Debian Advanced Package Tool 0.7.10
2.6
CVSSv2
CVE-2012-0954
APT 0.7.x prior to 0.7.25 and 0.8.x prior to 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote malicious users to install altered packages via a man-in-the-middle (MITM) attack. NO...
Debian Advanced Package Tool 0.7.24
Debian Advanced Package Tool 0.7.23.1
Debian Advanced Package Tool 0.7.23
Debian Advanced Package Tool 0.7.22.2
Debian Advanced Package Tool 0.7.17
Debian Advanced Package Tool 0.7.16
Debian Advanced Package Tool 0.7.15
Debian Advanced Package Tool 0.8.15.8
Debian Advanced Package Tool 0.8.15.7
Debian Advanced Package Tool 0.8.15.6
Debian Advanced Package Tool 0.8.15
Debian Advanced Package Tool 0.8.11.2
Debian Advanced Package Tool 0.8.11.1
Debian Advanced Package Tool 0.8.11
Debian Advanced Package Tool 0.8.10.3
Debian Advanced Package Tool 0.7.22.1
Debian Advanced Package Tool 0.7.21
Debian Advanced Package Tool 0.7.18
Debian Advanced Package Tool 0.7.14
Debian Advanced Package Tool 0.7.1
Debian Advanced Package Tool 0.8.15.10
Debian Advanced Package Tool 0.8.11.5
10
CVSSv2
CVE-2012-0507
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and previous versions, 6 Update 30 and previous versions, and 5.0 Update 33 and previous versions allows remote malicious users to affect confidentiality, integrity, and availab...
Sun Jre 1.5.0
Sun Jre 1.6.0
Oracle Jre 1.6.0
Oracle Jre 1.7.0
Debian Debian Linux 7.0
Debian Debian Linux 6.0
Suse Linux Enterprise Server 11
Suse Linux Enterprise Software Development Kit 11
Suse Linux Enterprise Desktop 10
Suse Linux Enterprise Server 10
Suse Linux Enterprise Java 10
Suse Linux Enterprise Java 11
1 EDB exploit
1 Github repository
12 Articles
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »