Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apt vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2020-3810
Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files.
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Apt
Fedoraproject Fedora 32
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
5.5
CVSSv3
CVE-2019-18899
The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in user owned directory /run/apt-cacher-ng with root privileges. This can allow local malicious users to influence the outcome of these operations. This issue affects: openSUSE Leap 15.1 apt-cacher-ng versions before...
Apt-cacher-ng Project Apt-cacher-ng
Opensuse Backports Sle-15
5.5
CVSSv3
CVE-2020-5202
apt-cacher-ng up to and including 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit SocketPath=/var/run/...
Apt-cacher-ng Project Apt-cacher-ng
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Backports Sle-15
Opensuse Leap 15.1
5.5
CVSSv3
CVE-2005-3847
The handle_stop_signal function in signal.c in Linux kernel 2.6.11 up to other versions prior to 2.6.13 and 2.6.12.6 allows local users to cause a denial of service (deadlock) by sending a SIGKILL to a real-time threaded process while it is performing a core dump.
Linux Linux Kernel
Debian Debian Linux 3.1
4.7
CVSSv3
CVE-2019-15795
python-apt only checks the MD5 sums of downloaded files in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py in version 1.9.0ubuntu1 and previous versions. This allows a man-in-the-middle attack which could potentially be used to install altered packages and...
Ubuntu Python-apt 0.8.0
Ubuntu Python-apt 0.8.1
Ubuntu Python-apt 0.8.3
Ubuntu Python-apt 0.8.9.1
Ubuntu Python-apt 0.9.0
Ubuntu Python-apt 0.9.1
Ubuntu Python-apt 0.9.3.1
Ubuntu Python-apt 0.9.3.2
Ubuntu Python-apt 0.9.3.3
Ubuntu Python-apt 0.9.3.4
Ubuntu Python-apt 0.9.3.5
Ubuntu Python-apt 1.0.1
Ubuntu Python-apt 1.1.0
Debian Python-apt 1.8.4
Ubuntu Python-apt 1.4.0
Ubuntu Python-apt 1.6.0
Ubuntu Python-apt 1.6.1
Ubuntu Python-apt 1.6.2
Ubuntu Python-apt 1.6.3
Ubuntu Python-apt 1.6.4
Ubuntu Python-apt 1.8.4
Ubuntu Python-apt 1.9.0
4.7
CVSSv3
CVE-2019-15796
Python-apt doesn't check if hashes are signed in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py or in `_fetch_archives()` of apt/cache.py in version 1.9.3ubuntu2 and previous versions. This allows downloads from unsigned repositories which shouldn...
Ubuntu Python-apt 0.8.0
Ubuntu Python-apt 0.8.1
Ubuntu Python-apt 0.8.3
Ubuntu Python-apt 0.8.9.1
Ubuntu Python-apt 0.9.0
Ubuntu Python-apt 0.9.1
Ubuntu Python-apt 0.9.3.1
Ubuntu Python-apt 0.9.3.2
Ubuntu Python-apt 0.9.3.3
Ubuntu Python-apt 0.9.3.4
Ubuntu Python-apt 0.9.3.5
Ubuntu Python-apt 1.0.1
Ubuntu Python-apt 1.1.0
Debian Python-apt 1.8.4
Ubuntu Python-apt 1.4.0
Ubuntu Python-apt 1.6.0
Ubuntu Python-apt 1.6.1
Ubuntu Python-apt 1.6.2
Ubuntu Python-apt 1.6.3
Ubuntu Python-apt 1.6.4
Ubuntu Python-apt 1.8.4
Ubuntu Python-apt 1.9.0
3.7
CVSSv3
CVE-2011-3374
It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.
Debian Advanced Package Tool
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
8 Github repositories
3.3
CVSSv3
CVE-2021-32556
It exists that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call.
Canonical Apport
3.3
CVSSv3
CVE-2020-15703
There is no input validation on the Locale property in an apt transaction. An unprivileged user can supply a full path to a writable directory, which lets aptd read a file as root. Having a symlink in place results in an error message if the file exists, and no error otherwise. T...
Aptdaemon Project Aptdaemon 1.1.1
2.8
CVSSv3
CVE-2020-27351
Various memory and file descriptor leaks were found in apt-python files python/arfile.cc, python/tag.cc, python/tarfile.cc, aka GHSL-2020-170. This issue affects: python-apt 1.1.0~beta1 versions before 1.1.0~beta1ubuntu0.16.04.10; 1.6.5ubuntu0 versions before 1.6.5ubuntu0.4; 2.0....
Debian Advanced Package Tool
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »