The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in user owned directory /run/apt-cacher-ng with root privileges. This can allow local attackers to influence the outcome of these operations. This issue affects: openSUSE Leap 15.1 apt-cacher-ng versions prior to...
6.2CVSS
5.2AI Score
0.0004EPSS
Format string vulnerability in the awp_log function in apt-www-proxy 0.1 allows remote attackers to execute arbitrary...
7.8AI Score
0.018EPSS
apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded newline characters, related to lack of blocking for the %0[ad] regular...
6.1CVSS
6.2AI Score
0.001EPSS
apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit SocketPath=/var/run/apt-cacher-ng/socket...
5.5CVSS
5AI Score
0.0004EPSS
It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle...
3.7CVSS
4.3AI Score
0.002EPSS
apt-listbugs before 0.1.10 creates temporary files insecurely, which allows attackers to have unspecified impact via unknown...
7.8CVSS
7.8AI Score
0.0004EPSS
The parse-get function in utils.c for apt-www-proxy 0.1 allows remote attackers to cause a denial of service (crash) via an empty HTTP request, which causes a null...
7AI Score
0.007EPSS
Multiple SQL injection vulnerabilities in modules.php in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allow remote attackers to execute arbitrary SQL commands via the (1) group, (2) seite, and (3) id parameter, possibly involving the artikel functionality. NOTE: this vulnerability also...
8.5AI Score
0.01EPSS
Unspecified vulnerability in modules.php in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allows remote attackers to access unspecified files via a modified warp...
6.7AI Score
0.004EPSS
Cross-site scripting (XSS) vulnerability in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allows remote attackers to inject arbitrary web script or HTML via the message parameter, probably involving the basket...
5.7AI Score
0.003EPSS
Stack-based buffer overflow in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode, allows remote attackers to execute arbitrary code via a long filename in a GET request with an "Accept-Encoding: gzip"...
8.6AI Score
0.013EPSS
Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an...
7.8AI Score
0.009EPSS