Apt-Cacher-Ng Project Apt-Cacher-Ng vulnerabilities

CVE-2025-11146 [MEDIUM] CWE-79 CVE-2025-11146: Reflected Cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vulnerability allows an attacker t Reflected Cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vulnerability allows an attacker to execute malicious scripts (XSS) in the web management application. The vulnerability is caused by improper handling of GET inputs included in the URL in “/acng-report.html”.

CVE-2025-11147 [MEDIUM] CWE-79 CVE-2025-11147: Reflected cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vulnerability allows malicious scr Reflected cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vulnerability allows malicious scripts (XSS) to be executed in “/html/.html”.

CVE-2019-18899 [MEDIUM] CWE-269 CVE-2019-18899: The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in user owned directory /run/apt-cac The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in user owned directory /run/apt-cacher-ng with root privileges. This can allow local attackers to influence the outcome of these operations. This issue affects: openSUSE Leap 15.1 apt-cacher-ng versions prior to 3.1-lp151.3.3.1.

CVE-2020-5202 [MEDIUM] CVE-2020-5202: apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardco apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit SocketPath=/var/run/apt-cacher-ng/socket command-line option is passed. The cron job /etc/cron.daily/apt-cacher-n

CVE-2017-7443 [MEDIUM] CWE-113 CVE-2017-7443: apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded newl apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded newline characters, related to lack of blocking for the %0[ad] regular expression.

CVE-2014-4510 [MEDIUM] CVE-2014-4510: Cross-site scripting (XSS) vulnerability in job Cross-site scripting (XSS) vulnerability in job.cc in apt-cacher-ng 0.7.26 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.