CVE search results

61 – 70 of 116 results

Detailed view

Sort by:

CVE-2019-3688

Medium priority

Not affected

The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 permissions....

2 affected packages

squid, squid3

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
squid	—	—	—	—	Not in release
squid3	—	—	—	—	Not affected

CVE-2019-12854

Low priority

Fixed

Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of...

2 affected packages

squid, squid3

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
squid	—	—	—	—	Not in release
squid3	—	—	—	—	Not affected

CVE-2019-12529

Medium priority

Some fixes available 3 of 4

An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines...

2 affected packages

squid, squid3

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
squid	—	—	—	—	Not in release
squid3	—	—	—	—	Fixed

CVE-2019-12527

Medium priority

Some fixes available 1 of 2

An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater...

2 affected packages

squid, squid3

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
squid	—	—	—	—	Not in release
squid3	—	—	—	—	Not affected

CVE-2019-12525

Medium priority

Some fixes available 3 of 4

An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and...

2 affected packages

squid, squid3

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
squid	—	—	—	—	Not in release
squid3	—	—	—	—	Fixed

CVE-2019-13345

Medium priority

Some fixes available 3 of 4

The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter.

2 affected packages

squid, squid3

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
squid	—	—	—	—	Not in release
squid3	—	—	—	—	Fixed

CVE-2018-19131

Low priority

Not affected

Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors.

2 affected packages

squid, squid3

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
squid	—	—	—	—	Not in release
squid3	—	—	—	—	Not affected

CVE-2018-19132

Low priority

Some fixes available 2 of 3

Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet.

2 affected packages

squid, squid3

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
squid	—	—	—	—	Not in release
squid3	—	—	—	—	Fixed

CVE-2018-1172

Low priority

Ignored

This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists...

1 affected package

squid3

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
squid3	—	—	—	—	Not affected

CVE-2018-1000027

Low priority

Fixed

The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to...

1 affected package

squid3

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
squid3	—	—	—	—	Fixed

Export to JSON

Results by page:

Search CVE reports