Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apt vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2011-1829
APT prior to 0.8.15.2 does not properly validate inline GPG signatures, which allows man-in-the-middle malicious users to install modified packages via vectors involving lack of an initial clearsigned message.
Debian Advanced Package Tool
Canonical Ubuntu Linux 11.04
2.6
CVSSv2
CVE-2012-0954
APT 0.7.x prior to 0.7.25 and 0.8.x prior to 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote malicious users to install altered packages via a man-in-the-middle (MITM) attack. NO...
Debian Advanced Package Tool 0.7.24
Debian Advanced Package Tool 0.7.23.1
Debian Advanced Package Tool 0.7.23
Debian Advanced Package Tool 0.7.22.2
Debian Advanced Package Tool 0.7.17
Debian Advanced Package Tool 0.7.16
Debian Advanced Package Tool 0.7.15
Debian Advanced Package Tool 0.8.15.8
Debian Advanced Package Tool 0.8.15.7
Debian Advanced Package Tool 0.8.15.6
Debian Advanced Package Tool 0.8.15
Debian Advanced Package Tool 0.8.11.2
Debian Advanced Package Tool 0.8.11.1
Debian Advanced Package Tool 0.8.11
Debian Advanced Package Tool 0.8.10.3
Debian Advanced Package Tool 0.7.22.1
Debian Advanced Package Tool 0.7.21
Debian Advanced Package Tool 0.7.18
Debian Advanced Package Tool 0.7.14
Debian Advanced Package Tool 0.7.1
Debian Advanced Package Tool 0.8.15.10
Debian Advanced Package Tool 0.8.11.5
4.3
CVSSv2
CVE-2012-0214
The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Advanced Package Tool (APT) 0.8.11 up to and including 0.8.15.10 and 0.8.16 prior to 0.8.16~exp13, when updating from repositories that use InRelease files, allows man-in-the-middle malicious users to install arb...
Advanced Package Tool Advanced Package Tool 0.8.13
Advanced Package Tool Advanced Package Tool 0.8.14
Advanced Package Tool Advanced Package Tool 0.8.15
Advanced Package Tool Advanced Package Tool
Advanced Package Tool Advanced Package Tool 0.8.12
Advanced Package Tool Advanced Package Tool 0.8.11
7.5
CVSSv2
CVE-2014-0487
APT prior to 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since header, which has unspecified impact and attack vectors.
Debian Advanced Package Tool 1.0.3
Debian Advanced Package Tool 1.0.7
1 Article
2.6
CVSSv2
CVE-2011-3634
methods/https.cc in apt prior to 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle malicious users to obtain repository credentials via unspecified vectors.
Canonical Ubuntu Linux 10.10
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 11.04
Canonical Ubuntu Linux 10.04
Debian Advanced Package Tool 0.8.0
Debian Advanced Package Tool 0.8.1
Debian Advanced Package Tool 0.8.10
Debian Advanced Package Tool 0.8.10.1
Debian Advanced Package Tool 0.8.10.2
Debian Advanced Package Tool
4
CVSSv2
CVE-2014-0478
APT prior to 1.0.4 does not properly validate source packages, which allows man-in-the-middle malicious users to download and install Trojan horse packages by removing the Release signature.
Debian Advanced Package Tool
10
CVSSv2
CVE-2009-1300
apt 0.7.20 does not check when the date command returns an "invalid date" error, which can prevent apt from loading security updates in time zones for which DST occurs at midnight.
Debian Advanced Package Tool 0.7.20
6.9
CVSSv2
CVE-2010-1592
sandra.sys 15.18.1.1 and previous versions in the Sandra Device Driver in SiSoftware Sandra 16.10.2010.1 and previous versions allows local users to gain privileges or cause a denial of service (system crash) via unspecified vectors involving "Model-Specific Registers."
Sisoftware Sandra
1 Article
5.4
CVSSv2
CVE-2017-1182
IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) malicious user to execute arbitrary commands on the system, when default client-server default communications, HTTP, are being used. IBM X-Force ID: 123493.
Ibm Tivoli Monitoring 6.2.2.9
Ibm Tivoli Monitoring 6.3.0.7
Ibm Tivoli Monitoring 6.2.3.5
1 Article
9.3
CVSSv2
CVE-2017-11228
Adobe Acrobat Reader 2017.009.20058 and previous versions, 2017.008.30051 and previous versions, 2015.006.30306 and previous versions, and 11.0.20 and previous versions has an exploitable memory corruption vulnerability in the image conversion engine when processing JPEG 2000 (JP...
Adobe Acrobat Reader Dc
Adobe Reader
Adobe Acrobat
Adobe Acrobat Dc
Adobe Acrobat Reader
1 Article
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
race condition
CVE-2024-4249
CVE-2024-4244
CVE-2023-20198
TCP
CVE-2022-48648
CVE-2022-48636
CVE-2024-21345
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »