Product:

Apt

(Debian)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 8
Date ID Summary Products Score Patch
2020-05-15 CVE-2020-3810 Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files. Apt, Debian_linux N/A
2017-12-05 CVE-2016-1252 The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection mechanism by leveraging improper error handling when validating InRelease file signatures. Advanced_package_tool, Apt 5.9
2014-10-15 CVE-2014-7206 The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file. Advanced_package_tool, Apt N/A
2013-03-21 CVE-2013-1051 apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories. Ubuntu_linux, Advanced_package_tool, Apt N/A
2012-12-26 CVE-2012-0961 Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x before 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x before 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable permissions for /var/log/apt/term.log, which allows local users to obtain sensitive shell information by reading the log file. Advanced_package_tool, Apt N/A
2011-07-27 CVE-2011-1829 APT before 0.8.15.2 does not properly validate inline GPG signatures, which allows man-in-the-middle attackers to install modified packages via vectors involving lack of an initial clearsigned message. Advanced_package_tool, Apt N/A
2009-04-21 CVE-2009-1358 apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories. Advanced_package_tool, Apt N/A
2019-11-26 CVE-2011-3374 It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack. Apt, Debian_linux N/A