VYPR

Apt Cacher Ng

by Apt Cacher Ng Project

CVEs (5)

  • CVE-2017-7443MedApr 5, 2017
    risk 0.40cvss 6.1epss 0.01

    apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded newline characters, related to lack of blocking for the %0[ad] regular expression.

  • CVE-2025-11147Sep 29, 2025
    risk 0.00cvss epss 0.00

    Reflected cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vulnerability allows malicious scripts (XSS) to be executed in “/html/.html”.

  • CVE-2025-11146Sep 29, 2025
    risk 0.00cvss epss 0.00

    Reflected Cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vulnerability allows an attacker to execute malicious scripts (XSS) in the web management application. The vulnerability is caused by improper handling of GET inputs included in the URL in “/acng-report.html”.

  • CVE-2019-18899Jan 23, 2020
    risk 0.00cvss epss 0.00

    The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in user owned directory /run/apt-cacher-ng with root privileges. This can allow local attackers to influence the outcome of these operations. This issue affects: openSUSE Leap 15.1 apt-cacher-ng versions prior to…

  • CVE-2020-5202Jan 21, 2020
    risk 0.00cvss epss 0.00

    apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit…