RSS   Vulnerabilities for 'APT'   RSS

2020-05-15
 
CVE-2020-3810

CWE-20
 

 
Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files.

 
2019-11-26
 
CVE-2011-3374

CWE-347
 

 
It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.

 
2019-01-28
 
CVE-2019-3462

CWE-74
 

 
Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.

 
2017-12-05
 
CVE-2016-1252

CWE-417
 

 
The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection mechanism by leveraging improper error handling when validating InRelease file signatures.

 
2014-11-03
 
CVE-2014-0490

CWE-20
 

 
The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package.

 
 
CVE-2014-0489

CWE-20
 

 
APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package.

 
 
CVE-2014-0488

CWE-20
 

 
APT before 1.0.9 does not "invalidate repository data" when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data.

 
 
CVE-2014-0487

CWE-noinfo
 

 
APT before 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since header, which has unspecified impact and attack vectors.

 
2014-10-15
 
CVE-2014-7206

 

 
The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file.

 
2014-09-30
 
CVE-2014-6273

 

 
Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted URL.

 


Copyright 2024, cxsecurity.com

 

Back to Top