Vulnerabilities > Debian > Advanced Package Tool > High

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-28 | CVE-2019-3462 | Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine. | network; high complexity; debian canonical netapp; 8.1 |
| 2014-11-03 | CVE-2014-0490 | Improper Input Validation vulnerability in Debian Advanced Package Tool. The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package. | network; low complexity; debian linux CWE-20; 7.5 |
| 2014-11-03 | CVE-2014-0489 | Improper Input Validation vulnerability in Debian Advanced Package Tool 1.0.3/1.0.5/1.0.7. APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package. | network; low complexity; debian CWE-20; 7.5 |
| 2014-11-03 | CVE-2014-0487 | Security Bypass vulnerability in apt. APT before 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since header, which has unspecified impact and attack vectors. | network; low complexity; debian; 7.5 |