Vulnerabilities > Debian > Advanced Package Tool > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-01-28 | CVE-2019-3462 | Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine. | 8.1 |
2014-11-03 | CVE-2014-0490 | Improper Input Validation vulnerability in Debian Advanced Package Tool The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package. | 7.5 |
2014-11-03 | CVE-2014-0489 | Improper Input Validation vulnerability in Debian Advanced Package Tool 1.0.3/1.0.5/1.0.7 APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package. | 7.5 |
2014-11-03 | CVE-2014-0487 | Security Bypass vulnerability in apt APT before 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since header, which has unspecified impact and attack vectors. | 7.5 |