Debian Advanced Package Tool

By the Year

In 2024 there have been 0 vulnerabilities in Debian Advanced Package Tool. Advanced Package Tool did not have any published security vulnerabilities last year.

Year  Vulnerabilities  Average Score
2024  0                0.00
2023  0                0.00
2022  0                0.00
2021  0                0.00
2020  0                0.00
2019  2                5.90
2018  1                5.90

It may take a day or so for new Advanced Package Tool vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Debian Advanced Package Tool Security Vulnerabilities

CVE-2011-3374 3.7 - Low - November 26, 2019

It was found that apt-key in apt, all versions, does not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.

Improper Verification of Cryptographic Signature

CVE-2019-3462 8.1 - High - January 28, 2019

Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.

CVE-2018-0501 5.9 - Medium - August 21, 2018

The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail.

Improper Verification of Cryptographic Signature

CVE-2011-3634 - March 01, 2014

methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors.

Information Disclosure

CVE-2011-1829 - July 27, 2011

APT before 0.8.15.2 does not properly validate inline GPG signatures, which allows man-in-the-middle attackers to install modified packages via vectors involving lack of an initial clearsigned message.

Improper Input Validation
