Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Advanced_package_tool
(Debian)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 21 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2014-11-03 | CVE-2014-0489 | APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package. | Advanced_package_tool | N/A | ||
| 2014-11-03 | CVE-2014-0488 | APT before 1.0.9 does not "invalidate repository data" when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data. | Advanced_package_tool | N/A | ||
| 2014-11-03 | CVE-2014-0487 | APT before 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since header, which has unspecified impact and attack vectors. | Advanced_package_tool | N/A | ||
| 2014-06-17 | CVE-2014-0478 | APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature. | Advanced_package_tool | N/A | ||
| 2013-03-21 | CVE-2013-1051 | apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories. | Ubuntu_linux, Advanced_package_tool, Apt | N/A | ||
| 2012-06-19 | CVE-2012-3587 | APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack. | Advanced_package_tool | N/A | ||
| 2012-12-26 | CVE-2012-0961 | Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x before 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x before 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable permissions for /var/log/apt/term.log, which allows local users to obtain sensitive shell information by reading the log file. | Advanced_package_tool, Apt | N/A | ||
| 2012-06-19 | CVE-2012-0954 | APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587. | Advanced_package_tool | N/A | ||
| 2009-04-21 | CVE-2009-1358 | apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories. | Advanced_package_tool, Apt | N/A | ||
| 2009-04-16 | CVE-2009-1300 | apt 0.7.20 does not check when the date command returns an "invalid date" error, which can prevent apt from loading security updates in time zones for which DST occurs at midnight. | Advanced_package_tool | N/A |