Vulnerabilities > Debian > Advanced Package Tool
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2014-10-15 | CVE-2014-7206 | Link Following vulnerability in Debian Advanced Package Tool and APT | The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file. | 3.6 |
2014-09-30 | CVE-2014-6273 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Debian Advanced Package Tool | Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted URL. | 6.8 |
2014-06-17 | CVE-2014-0478 | Improper Input Validation vulnerability in Debian Advanced Package Tool | APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature. | 4.0 |
2013-03-21 | CVE-2013-1051 | Improper Input Validation vulnerability in multiple products | apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories. | 4.3 |
2012-12-26 | CVE-2012-0961 | Information Exposure vulnerability in Debian Advanced Package Tool and APT | Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x before 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x before 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable permissions for /var/log/apt/term.log, which allows local users to obtain sensitive shell information by reading the log file. | 2.1 |
2012-06-19 | CVE-2012-3587 | Improper Input Validation vulnerability in Debian Advanced Package Tool | APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack. | 2.6 |
2012-06-19 | CVE-2012-0954 | Improper Input Validation vulnerability in Debian Advanced Package Tool | APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. | 2.6 |
2011-07-27 | CVE-2011-1829 | Improper Input Validation vulnerability in multiple products | APT before 0.8.15.2 does not properly validate inline GPG signatures, which allows man-in-the-middle attackers to install modified packages via vectors involving lack of an initial clearsigned message. | 4.3 |
2009-04-21 | CVE-2009-1358 | Unspecified vulnerability in Debian Advanced Package Tool and APT | apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories. | 10.0 |
2009-04-16 | CVE-2009-1300 | Improper Input Validation vulnerability in Debian Advanced Package Tool 0.7.20 | apt 0.7.20 does not check when the date command returns an "invalid date" error, which can prevent apt from loading security updates in time zones for which DST occurs at midnight. | 10.0 |