Advanced Package Tool Security Vulnerabilities and Issues — Advanced Package Tool CVE List

Lucene search

DebianAdvanced Package Tool

4 matches found

CVE•added 2019/11/26 12:15 a.m.•140 views

CVE-2011-3374

It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.

4.3CVSS4.3AI score0.01509EPSS

CVE•added 2011/07/27 2:55 a.m.•57 views

CVE-2011-1829

APT before 0.8.15.2 does not properly validate inline GPG signatures, which allows man-in-the-middle attackers to install modified packages via vectors involving lack of an initial clearsigned message.

4.3CVSS6.3AI score0.00184EPSS

CVE•added 2013/03/21 5:55 p.m.•57 views

CVE-2013-1051

apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories.

4.3CVSS6.4AI score0.00125EPSS

CVE•added 2014/06/17 2:55 p.m.•54 views

CVE-2014-0478

APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature.

4CVSS6.2AI score0.0023EPSS