Skip to main content

Apt

4 CVEs product

Monthly

CVE-2020-3810 MEDIUM POC PATCH This Month

Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Apt Debian Linux Fedora Ubuntu Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.3%
CVE-2014-7206 LOW Monitor

The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Advanced Package Tool Apt
NVD
CVSS 2.0
3.6
EPSS
0.0%
CVE-2013-1051 MEDIUM This Month

apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Advanced Package Tool Apt Ubuntu Linux
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2012-0961 LOW PATCH Monitor

Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x before 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x before 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ubuntu Advanced Package Tool Apt
NVD
CVSS 2.0
2.1
EPSS
0.1%
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Apt Debian Linux +2
NVD GitHub
EPSS 0% CVSS 3.6
LOW Monitor

The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Advanced Package Tool Apt
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Advanced Package Tool Apt +1
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x before 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x before 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ubuntu Advanced Package Tool +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy