Search CVE reports
51 – 60 of 107 results
CVE-2019-12523
Medium priorityAn issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access...
2 affected packages
squid, squid3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
squid | — | — | Fixed | Not in release | Not in release |
squid3 | — | — | Not in release | Fixed | Fixed |
CVE-2019-3688
Medium priorityThe /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 permissions....
2 affected packages
squid, squid3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
squid | — | — | — | Not in release | Not in release |
squid3 | — | — | — | Not affected | Not affected |
CVE-2019-12854
Low priorityDue to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of...
2 affected packages
squid, squid3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
squid | — | — | — | Not in release | Not in release |
squid3 | — | — | — | Not affected | Not affected |
CVE-2019-12529
Medium prioritySome fixes available 3 of 4
An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines...
2 affected packages
squid, squid3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
squid | — | — | — | Not in release | Not in release |
squid3 | — | — | — | Fixed | Fixed |
CVE-2019-12527
Medium prioritySome fixes available 1 of 2
An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater...
2 affected packages
squid, squid3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
squid | — | — | — | Not in release | Not in release |
squid3 | — | — | — | Not affected | Not affected |
CVE-2019-12525
Medium prioritySome fixes available 3 of 4
An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and...
2 affected packages
squid, squid3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
squid | — | — | — | Not in release | Not in release |
squid3 | — | — | — | Fixed | Fixed |
CVE-2019-13345
Medium prioritySome fixes available 3 of 4
The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter.
2 affected packages
squid, squid3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
squid | — | — | — | Not in release | Not in release |
squid3 | — | — | — | Fixed | Fixed |
CVE-2018-19131
Low prioritySquid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors.
2 affected packages
squid, squid3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
squid | — | — | — | Not in release | Not in release |
squid3 | — | — | — | Not affected | Not affected |
CVE-2018-19132
Low prioritySome fixes available 2 of 3
Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet.
2 affected packages
squid, squid3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
squid | — | — | — | Not in release | Not in release |
squid3 | — | — | — | Fixed | Fixed |
CVE-2018-1172
Low priorityThis vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists...
1 affected package
squid3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
squid3 | — | — | — | Not affected | Not affected |