Skip to main content

Advanced Package Tool

17 CVEs product

Monthly

CVE-2020-27351 LOW Monitor

Various memory and file descriptor leaks were found in apt-python files python/arfile.cc, python/tag.cc, python/tarfile.cc, aka GHSL-2020-170. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity. No vendor patch available.

Python Information Disclosure Advanced Package Tool
NVD
CVSS 3.1
2.8
EPSS
0.4%
CVE-2020-27350 MEDIUM This Month

APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Advanced Package Tool Solidfire Baseboard Management Controller Firmware
NVD
CVSS 3.1
5.7
EPSS
0.4%
CVE-2019-3462 HIGH PATCH This Week

Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

RCE Advanced Package Tool Ubuntu Linux Debian Linux Active Iq +1
NVD
CVSS 3.1
8.1
EPSS
14.6%
CVE-2018-0501 MEDIUM PATCH This Month

The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Jwt Attack Information Disclosure Ubuntu Linux Advanced Package Tool
NVD
CVSS 3.0
5.9
EPSS
1.0%
CVE-2016-1252 MEDIUM POC This Month

The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Ubuntu Debian Authentication Bypass Advanced Package Tool Ubuntu Linux
NVD Exploit-DB
CVSS 3.1
5.9
EPSS
6.0%
CVE-2014-0490 HIGH PATCH This Week

The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

RCE Advanced Package Tool
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2014-0489 HIGH PATCH This Week

APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

RCE Advanced Package Tool
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2014-0488 MEDIUM PATCH This Month

APT before 1.0.9 does not "invalidate repository data" when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Information Disclosure Advanced Package Tool
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-0487 HIGH PATCH This Week

APT before 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since header, which has unspecified impact and attack vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Advanced Package Tool
NVD
CVSS 2.0
7.5
EPSS
0.1%
CVE-2014-7206 LOW Monitor

The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Advanced Package Tool Apt
NVD
CVSS 2.0
3.6
EPSS
0.0%
CVE-2014-6273 MEDIUM PATCH This Month

Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Denial Of Service RCE Buffer Overflow Advanced Package Tool
NVD
CVSS 2.0
6.8
EPSS
0.7%
CVE-2014-0478 MEDIUM POC This Month

APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Advanced Package Tool
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2012-0214 MEDIUM This Month

The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Advanced Package Tool (APT) 0.8.11 through 0.8.15.10 and 0.8.16 before 0.8.16~exp13, when updating from repositories that use. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Advanced Package Tool
NVD VulDB
CVSS 2.0
4.3
EPSS
0.1%
CVE-2013-1051 MEDIUM This Month

apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Advanced Package Tool Apt Ubuntu Linux
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2012-0961 LOW PATCH Monitor

Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x before 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x before 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ubuntu Advanced Package Tool Apt
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2012-3587 LOW Monitor

APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Advanced Package Tool
NVD
CVSS 2.0
2.6
EPSS
0.2%
CVE-2012-0954 LOW Monitor

APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Advanced Package Tool
NVD
CVSS 2.0
2.6
EPSS
0.4%
EPSS 0% CVSS 2.8
LOW Monitor

Various memory and file descriptor leaks were found in apt-python files python/arfile.cc, python/tag.cc, python/tarfile.cc, aka GHSL-2020-170. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity. No vendor patch available.

Python Information Disclosure Advanced Package Tool
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Advanced Package Tool +1
NVD
EPSS 15% CVSS 8.1
HIGH PATCH This Week

Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

RCE Advanced Package Tool Ubuntu Linux +3
NVD
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Jwt Attack Information Disclosure Ubuntu Linux +1
NVD
EPSS 6% CVSS 5.9
MEDIUM POC This Month

The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Ubuntu Debian Authentication Bypass +2
NVD Exploit-DB
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

RCE Advanced Package Tool
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

RCE Advanced Package Tool
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

APT before 1.0.9 does not "invalidate repository data" when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Information Disclosure Advanced Package Tool
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

APT before 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since header, which has unspecified impact and attack vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Advanced Package Tool
NVD
EPSS 0% CVSS 3.6
LOW Monitor

The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Advanced Package Tool Apt
NVD
EPSS 1% CVSS 6.8
MEDIUM PATCH This Month

Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Denial Of Service RCE Buffer Overflow +1
NVD
EPSS 0% CVSS 4.0
MEDIUM POC This Month

APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Advanced Package Tool
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Advanced Package Tool (APT) 0.8.11 through 0.8.15.10 and 0.8.16 before 0.8.16~exp13, when updating from repositories that use. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Advanced Package Tool
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Advanced Package Tool Apt +1
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x before 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x before 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ubuntu Advanced Package Tool +1
NVD
EPSS 0% CVSS 2.6
LOW Monitor

APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Advanced Package Tool
NVD
EPSS 0% CVSS 2.6
LOW Monitor

APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Advanced Package Tool
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy