Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
debian advanced package tool vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-0487
APT prior to 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since header, which has unspecified impact and attack vectors.
Debian Advanced Package Tool 1.0.3
Debian Advanced Package Tool 1.0.7
1 Article
NA
CVE-2014-0489
APT prior to 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote malicious users to execute arbitrary code via a crafted package.
Debian Advanced Package Tool 1.0.3
Debian Advanced Package Tool 1.0.5
Debian Advanced Package Tool 1.0.7
NA
CVE-2014-0488
APT prior to 1.0.9 does not "invalidate repository data" when moving from an unauthenticated to authenticated state, which allows remote malicious users to have unspecified impact via crafted repository data.
Debian Advanced Package Tool 1.0.3
Debian Advanced Package Tool 1.0.7
NA
CVE-2014-0490
The apt-get download command in APT prior to 1.0.9 does not properly validate signatures for packages, which allows remote malicious users to execute arbitrary code via a crafted package.
Debian Advanced Package Tool
Debian Advanced Package Tool 1.0.3
Debian Advanced Package Tool 1.0.4
Debian Advanced Package Tool 1.0.5
Debian Advanced Package Tool 1.0.6
Debian Advanced Package Tool 1.0.7
NA
CVE-2014-7206
The changelog command in Apt prior to 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file.
Debian Apt 0.9.7.9
Debian Apt 1.0.9
Debian Advanced Package Tool 1.0.8
Debian Advanced Package Tool
NA
CVE-2014-6273
Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and previous versions allows man-in-the-middle malicious users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted URL.
Debian Advanced Package Tool
NA
CVE-2014-0478
APT prior to 1.0.4 does not properly validate source packages, which allows man-in-the-middle malicious users to download and install Trojan horse packages by removing the Release signature.
Debian Advanced Package Tool
NA
CVE-2011-3634
methods/https.cc in apt prior to 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle malicious users to obtain repository credentials via unspecified vectors.
Canonical Ubuntu Linux 10.10
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 11.04
Canonical Ubuntu Linux 10.04
Debian Advanced Package Tool 0.8.0
Debian Advanced Package Tool 0.8.1
Debian Advanced Package Tool 0.8.10
Debian Advanced Package Tool 0.8.10.1
Debian Advanced Package Tool 0.8.10.2
Debian Advanced Package Tool
NA
CVE-2013-1051
apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle malicious users to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories.
Debian Apt 0.9.7
Debian Advanced Package Tool 0.8.16
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 12.10
Canonical Ubuntu Linux 12.04
NA
CVE-2012-0961
Apt 0.8.16~exp5ubuntu13.x prior to 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x prior to 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x prior to 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable permissions for /var/log/apt/term.log, which allows local users to obtain sensi...
Debian Apt 0.9.7
Debian Advanced Package Tool 0.8.16
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5834
CVE-2024-30100
CVE-2024-4577
physical
dos
CVE-2024-30099
CVE-2024-27801
CVE-2024-32146
logic flaw
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »