pkg:Debian/apt
38 total CVEsHIGH3MEDIUM9LOW1
✅ Check your installed version
All known vulnerabilities
- from 0, < 1.4.9
- from 0, < 1.0.9.8.5
- from 0, < 1.8.0~alpha3.1
- MEDIUM5.9CVE-2018-0501The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signatur…from 0, < 1.6.4
- from 0, < 1.4~beta2
- from 0, < 1.0.9.8.4
- from 0, < 1.8.2.2
- from 0, < 2.1.13
- from 0, < 1.4.11
- from 0, < 2.1.2
- from 0, < 1.4.10
- from 0, < 1.0.9.8.6
- LOW3.7CVE-2011-3374It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-t…from 0
- —CVE-2014-0490The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execu…from 0, < 0.9.12
- —CVE-2014-0489APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute ar…from 0, < 1.0.9
- —CVE-2014-0488APT before 1.0.9 does not "invalidate repository data" when moving from an unauthenticated to authenticated state, which allows remote atta…from 0, < 1.0.9
- from 0, < 0.9.7.9+deb7u3
- from 0, < 1.0.9
- from 0, < 0.8.10.3+squeeze3
- from 0, < 1.0.9.2
- from 0, < 0.9.7.9+deb7u6
- from 0, < 0.9.7.9+deb7u5
- from 0, < 1.0.3
- from 0, < 0.8.10.3+squeeze5
- from 0, < 1.0.4
- from 0, < 0.9.7.9+deb7u2
- —CVE-2012-0214The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Advanced Package Tool (APT) 0.8.11 through 0.8.15.10 and 0.8.16 before…from 0, < 0.8.15.10
- from 0, < 0.8.11
- from 0, < 0.8.10.3+squeeze2
- —CVE-2013-1051apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify…from 0, < 0.9.7.8
- —CVE-2012-0961Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x before 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x before 0…from 0, < 0.9.7.7
- —CVE-2012-3587APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and d…from 0, < 0.7.25
- —CVE-2012-0954APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and d…from 0, < 0.7.25
- —CVE-2011-1829APT before 0.8.15.2 does not properly validate inline GPG signatures, which allows man-in-the-middle attackers to install modified packages…from 0, < 0.8.15.2
- —CVE-2009-1358apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when…from 0, < 0.7.21
- from 0, < 0.6.46.4-0.1+etch1
- from 0, < 0.7.20.2+squeeze1
- from 0, < 0.7.21