Search CVE reports


Toggle filters

31 – 40 of 107 results


CVE-2020-15810

Medium priority
Fixed

An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client,...

2 affected packages

squid, squid3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
squid Fixed Not in release Not in release
squid3 Not in release Fixed Fixed
Show less packages

CVE-2020-14059

Medium priority
Not affected

An issue was discovered in Squid 5.x before 5.0.3. Due to an Incorrect Synchronization, a Denial of Service can occur when processing objects in an SMP cache because of an Ipc::Mem::PageStack::pop ABA problem during access to the...

2 affected packages

squid, squid3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
squid Not affected Not in release Not in release
squid3 Not in release Not affected Not affected
Show less packages

CVE-2020-14058

Medium priority
Not affected

An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a...

2 affected packages

squid, squid3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
squid Not affected Not in release Not in release
squid3 Not in release Not affected Not affected
Show less packages

CVE-2020-15049

Low priority

Some fixes available 5 of 6

An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with...

2 affected packages

squid, squid3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
squid Fixed Not in release Not in release
squid3 Not in release Fixed Fixed
Show less packages

CVE-2020-11945

Medium priority
Fixed

An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce...

2 affected packages

squid, squid3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
squid Fixed Not in release Not in release
squid3 Not in release Fixed Fixed
Show less packages

CVE-2019-12520

Medium priority
Fixed

An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making a MD5 hash of the absolute URL of the request. If found, it servers...

2 affected packages

squid, squid3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
squid Not affected Not in release Not in release
squid3 Not in release Fixed Not affected
Show less packages

CVE-2019-12519

Medium priority
Fixed

An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When...

2 affected packages

squid, squid3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
squid Fixed Not in release Not in release
squid3 Not in release Fixed Fixed
Show less packages

CVE-2019-12524

Medium priority
Fixed

An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves...

2 affected packages

squid, squid3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
squid Not affected Not in release Not in release
squid3 Not in release Fixed Not affected
Show less packages

CVE-2019-12522

Low priority
Vulnerable

An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0. This...

2 affected packages

squid, squid3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
squid Vulnerable Vulnerable Vulnerable Not in release Not in release
squid3 Not in release Not in release Not in release Vulnerable Vulnerable
Show less packages

CVE-2019-12521

Medium priority
Fixed

An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via...

2 affected packages

squid, squid3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
squid Fixed Not in release Not in release
squid3 Not in release Fixed Fixed
Show less packages