Search CVE reports
51 – 60 of 140 results
CVE-2019-12526
Medium priorityAn issue was discovered in Squid before 4.9. URN response handling in Squid suffers from a heap-based buffer overflow. When receiving data from a remote server in response to an URN request, Squid fails to ensure that the response...
2 affected packages
squid, squid3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| squid | — | — | Fixed | Not in release | Not in release |
| squid3 | — | — | Not in release | Fixed | Fixed |
CVE-2019-12523
Medium priorityAn issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access...
2 affected packages
squid, squid3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| squid | — | — | Fixed | Not in release | Not in release |
| squid3 | — | — | Not in release | Fixed | Fixed |
CVE-2019-3688
Medium priorityThe /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 permissions....
2 affected packages
squid, squid3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| squid | — | — | — | Not in release | Not in release |
| squid3 | — | — | — | Not affected | Not affected |
CVE-2019-12854
Low priorityDue to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of...
2 affected packages
squid, squid3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| squid | — | — | — | Not in release | Not in release |
| squid3 | — | — | — | Not affected | Not affected |
CVE-2019-12529
Medium prioritySome fixes available 3 of 4
An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines...
2 affected packages
squid, squid3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| squid | — | — | — | Not in release | Not in release |
| squid3 | — | — | — | Fixed | Fixed |
CVE-2019-12527
Medium prioritySome fixes available 1 of 2
An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater...
2 affected packages
squid, squid3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| squid | — | — | — | Not in release | Not in release |
| squid3 | — | — | — | Not affected | Not affected |
CVE-2019-12525
Medium prioritySome fixes available 3 of 4
An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and...
2 affected packages
squid, squid3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| squid | — | — | — | Not in release | Not in release |
| squid3 | — | — | — | Fixed | Fixed |
CVE-2019-13345
Medium prioritySome fixes available 3 of 4
The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter.
2 affected packages
squid, squid3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| squid | — | — | — | Not in release | Not in release |
| squid3 | — | — | — | Fixed | Fixed |
CVE-2018-19131
Low prioritySquid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors.
2 affected packages
squid, squid3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| squid | — | — | — | Not in release | Not in release |
| squid3 | — | — | — | Not affected | Not affected |
CVE-2018-19132
Low prioritySome fixes available 2 of 3
Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet.
2 affected packages
squid, squid3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| squid | — | — | — | Not in release | Not in release |
| squid3 | — | — | — | Fixed | Fixed |