5 matches found
CVE-2020-3810
CVE-2020-3810: Missing input validation in the ar/tar implementations of apt could cause a denial of service when processing specially crafted deb files. Affected: apt before 2.1.2. Remediation: upgrade to apt 2.1.2 or newer (per Debian/Fedora advisories referencing the fix).
CVE-2009-1358
CVE-2009-1358 affects the Debian/Red Hat apt client: apt-get before 0.7.21 fails to validate the error code from gpgv, causing an otherwise revoked/expired OpenPGP key to be treated as valid and potentially allowing installation of malicious repositories. Affected software is the apt package manager...
CVE-2014-7206
CVE-2014-7206 affects apt’s changelog retrieval: the changelog functionality before version 1.0.9.2 allows local users to overwrite arbitrary files via a symlink-based race. Vulnerable: apt, prior to 1.0.9.2. Root cause: insecure creation/use of temporary files during changelog access. Impact: lo...
CVE-2013-1051
CVE-2013-1051 affects apt versions 0.8.16 and 0.9.7 (and possibly others) through improper handling of InRelease files, enabling man-in-the-middle modification of packages before installation via unknown vectors. The underlying issue relates to repository integrity checks and third-party reposito...
CVE-2012-0961
CVE-2012-0961 affects apt in Ubuntu, where the package versions listed (0.8.16~exp5ubuntu13.x up to 0.9.7.5ubuntu5.x) expose world-readable permissions on /var/log/apt/term.log. This permits local users to read sensitive shell information from the log and is a local information-disclosure issue. ...