CVE search results

41 – 50 of 142 results

Detailed view

Sort by:

CVE-2019-12524

Medium priority

Fixed

An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves...

2 affected packages

squid, squid3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
squid	—	—	Not affected	Not in release
squid3	—	—	Not in release	Fixed

CVE-2019-12522

Low priority

Vulnerable

An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0. This...

2 affected packages

squid, squid3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
squid	Vulnerable	Vulnerable	Vulnerable	Not in release
squid3	Not in release	Not in release	Not in release	Vulnerable

CVE-2019-12521

Medium priority

Fixed

An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via...

2 affected packages

squid, squid3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
squid	—	—	Fixed	Not in release
squid3	—	—	Not in release	Fixed

CVE-2019-18860

Low priority

Fixed

Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi.

2 affected packages

squid, squid3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
squid	—	—	Not affected	Not in release
squid3	—	—	Not in release	Fixed

CVE-2019-12528

Medium priority

Fixed

An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes.

2 affected packages

squid, squid3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
squid	—	—	Fixed	Not in release
squid3	—	—	Not in release	Fixed

CVE-2020-8517

Medium priority

Fixed

An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access...

2 affected packages

squid, squid3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
squid	—	—	Fixed	Not in release
squid3	—	—	Not in release	Fixed

CVE-2020-8450

Medium priority

Fixed

An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.

2 affected packages

squid, squid3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
squid	—	—	Fixed	Not in release
squid3	—	—	Not in release	Fixed

CVE-2020-8449

Medium priority

Fixed

An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.

2 affected packages

squid, squid3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
squid	—	—	Fixed	Not in release
squid3	—	—	Not in release	Fixed

CVE-2019-18679

Medium priority

Fixed

An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a...

2 affected packages

squid, squid3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
squid	—	—	Fixed	Not in release
squid3	—	—	Not in release	Fixed

CVE-2019-18678

Medium priority

Fixed

An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. The resulting Response...

2 affected packages

squid, squid3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
squid	—	—	Fixed	Not in release
squid3	—	—	Not in release	Fixed

Export to JSON

Results by page:

Search CVE reports