Lucene search
K
DebianAdvanced Package Tool

21 matches found

CVE
CVE
added 2020/12/10 4:5 a.m.316 views

CVE-2020-27350

Public technical details (affected package internals, exploit vectors, and fixes) for CVE-2020-27350 are not provided in the connected documents. The materials reference advisories but do not disclose root cause or remediation specifics; monitor for updates.

5.7CVSS5.3AI score0.00377EPSS
CVE
CVE
added 2020/12/10 4:5 a.m.315 views

CVE-2020-27351

CVE-2020-27351 involves memory and file descriptor leaks in the apt-python components used by python-apt (python/arfile.cc, python/tag.cc, python/tarfile.cc). Affected packages include python-apt with listed Ubuntu/Debian release variants (e.g., 1.1.0~beta1ubuntu0.16.04.10; 1.6.5ubuntu0; 2.0.0ubu...

2.8CVSS3.4AI score0.0039EPSS
CVE
CVE
added 2019/01/28 9:0 p.m.252 views

CVE-2019-3462

CVE-2019-3462 affects apt 1.4.8 and earlier due to incorrect sanitation of the 302 redirect field in the HTTP transport, enabling content injection by a MITM attacker and potentially leading to remote code execution. Public docs confirm the flaw is in apt’s redirect handling and that exploitation...

9.3CVSS7.1AI score0.14555EPSS
CVE
CVE
added 2019/11/25 11:13 p.m.158 views

CVE-2011-3374

CVE-2011-3374 : Apt-key in apt (all versions) does not correctly validate GPG keys with the master keyring, enabling a potential man-in-the-middle attack. The IBM/X-Force bulletin for CVE-2011-3374 (linked in the connected docs) confirms the vulnerability and lists CWE-347 (Improper Verification ...

4.3CVSS4.3AI score0.01191EPSS
CVE
CVE
added 2017/12/05 4:0 p.m.148 views

CVE-2016-1252

CVE-2016-1252 affects the apt package in Debian (Jessie before 1.0.9.8.4) and in Ubuntu (14.04 LTS before 1.0.1ubuntu2.17, 16.04 LTS before 1.2.15ubuntu0.2, 16.10 before 1.3.2ubuntu0.1; Debian unstable before 1.4~beta2). It permits MITM attackers to bypass repository-signing protection by exploit...

5.9CVSS5.7AI score0.07308EPSS
CVE
CVE
added 2018/08/21 12:0 a.m.107 views

CVE-2018-0501

The CVE-2018-0501 detail: APT’s mirror:// handling in 1.6.x (pre-1.6.4) and 1.7.x (pre-1.7.0~alpha3) mishandles GPG verification for the InRelease file of a fallback mirror (mirrorfail). Impact: remote MITM could install altered packages when using mirror:// entries. Remediation: upgrade to 1.6.4...

5.9CVSS5.6AI score0.00954EPSS
CVE
CVE
added 2009/04/16 3:0 p.m.95 views

CVE-2009-1300

CVE-2009-1300 affects the apt package (dpkg front-end) where the cron.daily script can fail to load security updates in time zones with DST at midnight because the date command’s return code is not checked. Connected advisories confirm the issue across multiple distributions (Debian etch, lenny; ...

10CVSS6.5AI score0.01856EPSS
CVE
CVE
added 2014/11/03 10:0 p.m.94 views

CVE-2014-0487

CVE-2014-0487 affects APT prior to 1.0.9. The issue is that APT does not verify downloaded files if they have been modified as indicated by the If-Modified-Since header, with unspecified impact and attack vectors. CVSSv2 base score 7.5 (HIGH) from NVD, but the provided documents do not specify co...

7.5CVSS6.5AI score0.01854EPSS
CVE
CVE
added 2014/09/30 2:0 p.m.85 views

CVE-2014-6273

Summary: CVE-2014-6273 is a buffer overflow in the HTTP transport code of apt-get in APT 1.0.1 and earlier , enabling MITM-induced DoS or possible arbitrary code execution via a crafted URL. Multiple connected records confirm: Debian/DLA-58-2 provides a regression fix for apt; OSV entries documen...

6.8CVSS9.5AI score0.02437EPSS
CVE
CVE
added 2009/04/21 11:0 p.m.81 views

CVE-2009-1358

CVE-2009-1358 affects the Debian/Red Hat apt client: apt-get before 0.7.21 fails to validate the error code from gpgv, causing an otherwise revoked/expired OpenPGP key to be treated as valid and potentially allow installation of malicious repositories. Affected software is the apt package manager...

10CVSS6.8AI score0.04396EPSS
CVE
CVE
added 2014/10/15 2:0 p.m.79 views

CVE-2014-7206

CVE-2014-7206 affects apt’s changelog retrieval: the changelog functionality before version 1.0.9.2 allows local users to overwrite arbitrary files via a symlink-based race. Vulnerable: apt, prior to 1.0.9.2. Root cause: insecure creation/use of temporary files during changelog access. Impact: lo...

3.6CVSS6.2AI score0.00386EPSS
CVE
CVE
added 2013/03/21 5:0 p.m.76 views

CVE-2013-1051

CVE-2013-1051 affects apt versions 0.8.16 and 0.9.7 (and possibly others) through improper handling of InRelease files, enabling man-in-the-middle modification of packages before installation via unknown vectors. The underlying issue relates to repository integrity checks and third‑party reposito...

4.3CVSS6.4AI score0.01343EPSS
CVE
CVE
added 2012/06/19 8:0 p.m.75 views

CVE-2012-0954

Affected software: APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16. The vulnerability arises when using apt-key net-update to import keyrings: it relies on GnuPG argument order and does not validate GPG subkeys, which may allow remote attackers to perform a MITM and install altered packages. This...

2.6CVSS6.5AI score0.02211EPSS
CVE
CVE
added 2014/06/17 2:0 p.m.75 views

CVE-2014-0478

CVE-2014-0478 affects APT prior to 1.0.4 and arises from improper validation of source packages, enabling MITM attackers to install Trojan horse packages by removing the Release signature. Connected advisories (Ubuntu USN-2246-1, Debian/DLA-0005-1, OSV references) corroborate the issue across Deb...

4CVSS6.2AI score0.0157EPSS
CVE
CVE
added 2014/02/28 6:0 p.m.73 views

CVE-2011-3634

CVE-2011-3634 affects apt before 0.8.11, where methods/https.cc accepts HTTPS connections even when certificate hostname validation fails if Verify-Host is enabled. This misbehavior can allow a MITM to obtain repository credentials for HTTPS sources. The published descriptions (NVD and OSV family...

2.6CVSS6.2AI score0.00799EPSS
CVE
CVE
added 2014/11/03 10:0 p.m.73 views

CVE-2014-0489

CVE-2014-0489 affects APT prior to 1.0.9: when Acquire::GzipIndexes is enabled, it does not validate checksums, enabling remote code execution via a crafted package. The vulnerability is documented across multiple feeds (NVD, OSV, Debian advisories) with a CVSS v2 base score of 7.5 (HIGH). Affect...

7.5CVSS7.5AI score0.03614EPSS
CVE
CVE
added 2014/11/03 10:0 p.m.72 views

CVE-2014-0488

CVE-2014-0488 concerns APT before 1.0.9, where the package manager does not properly invalidate repository data when transitioning from unauthenticated to authenticated state. This can allow a remote attacker to influence repository data with unspecified impact. The connected advisories consisten...

6.8CVSS6.8AI score0.02084EPSS
CVE
CVE
added 2012/12/26 10:0 p.m.70 views

CVE-2012-0961

CVE-2012-0961 affects apt in Ubuntu, where the package versions listed (0.8.16~exp5ubuntu13.x up to 0.9.7.5ubuntu5.x) expose world-readable permissions on /var/log/apt/term.log. This permits local users to read sensitive shell information from the log and is a local information-disclosure issue. ...

2.1CVSS5.8AI score0.00352EPSS
CVE
CVE
added 2014/11/03 10:0 p.m.70 views

CVE-2014-0490

The CVE-2014-0490 issue affects APT’s download path prior to version 1.0.9, where apt-get download did not properly validate package signatures. This allows a crafted package to potentially execute arbitrary code on affected systems. Public advisories document the vulnerability in several distrib...

7.5CVSS7.6AI score0.03614EPSS
CVE
CVE
added 2011/07/27 1:29 a.m.69 views

CVE-2011-1829

CVE-2011-1829 affects apt (

4.3CVSS6.3AI score0.01686EPSS
CVE
CVE
added 2012/06/19 8:0 p.m.65 views

CVE-2012-3587

CVE-2012-3587 affects Apt 0.7.x before 0.7.25 and 0.8.x before 0.8.16. The flaw occurs when using apt-key net-update to import keyrings: it relies on GnuPG argument order and does not check GPG subkeys, which could allow remote attackers to install Trojan horse packages via a man-in-the-middle at...

2.6CVSS6.5AI score0.01704EPSS