Search CVE reports


Toggle filters

41 – 50 of 140 results


CVE-2019-12521

Medium priority
Fixed

An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via...

2 affected packages

squid, squid3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
squid Fixed Not in release Not in release
squid3 Not in release Fixed Fixed
Show less packages

CVE-2019-18860

Low priority
Fixed

Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi.

2 affected packages

squid, squid3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
squid Not affected Not in release Not in release
squid3 Not in release Fixed Fixed
Show less packages

CVE-2019-12528

Medium priority
Fixed

An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes.

2 affected packages

squid, squid3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
squid Fixed Not in release Not in release
squid3 Not in release Fixed Fixed
Show less packages

CVE-2020-8517

Medium priority
Fixed

An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access...

2 affected packages

squid, squid3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
squid Fixed Not in release Not in release
squid3 Not in release Fixed Fixed
Show less packages

CVE-2020-8450

Medium priority
Fixed

An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.

2 affected packages

squid, squid3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
squid Fixed Not in release Not in release
squid3 Not in release Fixed Fixed
Show less packages

CVE-2020-8449

Medium priority
Fixed

An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.

2 affected packages

squid, squid3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
squid Fixed Not in release Not in release
squid3 Not in release Fixed Fixed
Show less packages

CVE-2019-18679

Medium priority
Fixed

An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a...

2 affected packages

squid, squid3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
squid Fixed Not in release Not in release
squid3 Not in release Fixed Fixed
Show less packages

CVE-2019-18678

Medium priority
Fixed

An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. The resulting Response...

2 affected packages

squid, squid3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
squid Fixed Not in release Not in release
squid3 Not in release Fixed Fixed
Show less packages

CVE-2019-18677

Medium priority
Fixed

An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due to incorrect message processing, it...

2 affected packages

squid, squid3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
squid Fixed Not in release Not in release
squid3 Not in release Fixed Fixed
Show less packages

CVE-2019-18676

Medium priority
Fixed

An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incorrect input validation, there is a heap-based buffer overflow that can result in Denial of Service to all clients using the proxy. Severity is high due to this...

2 affected packages

squid, squid3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
squid Fixed Not in release Not in release
squid3 Not in release Fixed Fixed
Show less packages