Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
debian advanced package tool vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-0489
APT prior to 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote malicious users to execute arbitrary code via a crafted package.
Debian Advanced Package Tool 1.0.5
Debian Advanced Package Tool 1.0.3
Debian Advanced Package Tool 1.0.7
NA
CVE-2014-7206
The changelog command in Apt prior to 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file.
Debian Apt 1.0.9
Debian Advanced Package Tool
Debian Apt 0.9.7.9
Debian Advanced Package Tool 1.0.8
NA
CVE-2014-6273
Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and previous versions allows man-in-the-middle malicious users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted URL.
Debian Advanced Package Tool
NA
CVE-2014-0478
APT prior to 1.0.4 does not properly validate source packages, which allows man-in-the-middle malicious users to download and install Trojan horse packages by removing the Release signature.
Debian Advanced Package Tool
NA
CVE-2011-3634
methods/https.cc in apt prior to 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle malicious users to obtain repository credentials via unspecified vectors.
Canonical Ubuntu Linux 10.10
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 11.04
Canonical Ubuntu Linux 10.04
Debian Advanced Package Tool 0.8.0
Debian Advanced Package Tool 0.8.1
Debian Advanced Package Tool 0.8.10
Debian Advanced Package Tool 0.8.10.1
Debian Advanced Package Tool 0.8.10.2
Debian Advanced Package Tool
NA
CVE-2013-1051
apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle malicious users to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories.
Debian Advanced Package Tool 0.8.16
Debian Apt 0.9.7
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 12.10
NA
CVE-2012-0961
Apt 0.8.16~exp5ubuntu13.x prior to 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x prior to 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x prior to 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable permissions for /var/log/apt/term.log, which allows local users to obtain sensi...
Debian Apt 0.9.7
Debian Advanced Package Tool 0.8.16
NA
CVE-2012-0954
APT 0.7.x prior to 0.7.25 and 0.8.x prior to 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote malicious users to install altered packages via a man-in-the-middle (MITM) attack. NO...
Debian Advanced Package Tool 0.7.24
Debian Advanced Package Tool 0.7.23.1
Debian Advanced Package Tool 0.7.23
Debian Advanced Package Tool 0.7.22.2
Debian Advanced Package Tool 0.7.17
Debian Advanced Package Tool 0.7.16
Debian Advanced Package Tool 0.7.15
Debian Advanced Package Tool 0.8.15.8
Debian Advanced Package Tool 0.8.15.7
Debian Advanced Package Tool 0.8.15.6
Debian Advanced Package Tool 0.8.15
Debian Advanced Package Tool 0.8.11.2
Debian Advanced Package Tool 0.8.11.1
Debian Advanced Package Tool 0.8.11
Debian Advanced Package Tool 0.8.10.3
Debian Advanced Package Tool 0.7.22.1
Debian Advanced Package Tool 0.7.21
Debian Advanced Package Tool 0.7.18
Debian Advanced Package Tool 0.7.14
Debian Advanced Package Tool 0.7.1
Debian Advanced Package Tool 0.8.15.10
Debian Advanced Package Tool 0.8.11.5
NA
CVE-2012-3587
APT 0.7.x prior to 0.7.25 and 0.8.x prior to 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote malicious users to install Trojan horse packages via a man-in-the-middle (MITM) attac...
Debian Advanced Package Tool 0.7.21
Debian Advanced Package Tool 0.7.20.2
Debian Advanced Package Tool 0.7.20.1
Debian Advanced Package Tool 0.7.20
Debian Advanced Package Tool 0.7.15
Debian Advanced Package Tool 0.7.14
Debian Advanced Package Tool 0.7.13
Debian Advanced Package Tool 0.8.15.1
Debian Advanced Package Tool 0.8.15
Debian Advanced Package Tool 0.8.14.1
Debian Advanced Package Tool 0.8.14
Debian Advanced Package Tool 0.8.10
Debian Advanced Package Tool 0.8.1
Debian Advanced Package Tool 0.8.0
Debian Advanced Package Tool 0.7.23.1
Debian Advanced Package Tool 0.7.22.2
Debian Advanced Package Tool 0.7.22
Debian Advanced Package Tool 0.7.2-0.1
Debian Advanced Package Tool 0.7.19
Debian Advanced Package Tool 0.7.16
Debian Advanced Package Tool 0.7.12
Debian Advanced Package Tool 0.7.10
NA
CVE-2011-1829
APT prior to 0.8.15.2 does not properly validate inline GPG signatures, which allows man-in-the-middle malicious users to install modified packages via vectors involving lack of an initial clearsigned message.
Debian Advanced Package Tool
Canonical Ubuntu Linux 11.04
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-36920
buffer overflow
CVE-2024-36913
CVE-2024-5497
CVE-2024-23917
CVE-2024-4956
server-side request forgery
CVE-2024-35468
SSTI
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »