Search CVE reports
41 – 50 of 147 results
An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a...
2 affected packages
squid3, squid
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| squid3 | — | — | Not in release | Not affected |
| squid | — | — | Not affected | Not in release |
Some fixes available 5 of 6
An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with...
2 affected packages
squid, squid3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| squid | — | — | Fixed | Not in release |
| squid3 | — | — | Not in release | Fixed |
An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce...
2 affected packages
squid, squid3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| squid | — | — | Fixed | Not in release |
| squid3 | — | — | Not in release | Fixed |
An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making a MD5 hash of the absolute URL of the request. If found, it servers...
2 affected packages
squid, squid3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| squid | — | — | Not affected | Not in release |
| squid3 | — | — | Not in release | Fixed |
An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When...
2 affected packages
squid, squid3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| squid | — | — | Fixed | Not in release |
| squid3 | — | — | Not in release | Fixed |
An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves...
2 affected packages
squid, squid3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| squid | — | — | Not affected | Not in release |
| squid3 | — | — | Not in release | Fixed |
An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0. This...
2 affected packages
squid, squid3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| squid | Vulnerable | Vulnerable | Vulnerable | Not in release |
| squid3 | Not in release | Not in release | Not in release | Vulnerable |
An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via...
2 affected packages
squid, squid3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| squid | — | — | Fixed | Not in release |
| squid3 | — | — | Not in release | Fixed |
Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi.
2 affected packages
squid, squid3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| squid | — | — | Not affected | Not in release |
| squid3 | — | — | Not in release | Fixed |
An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes.
2 affected packages
squid, squid3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| squid | — | — | Fixed | Not in release |
| squid3 | — | — | Not in release | Fixed |