Search CVE reports
31 – 40 of 140 results
CVE-2020-15811
Low priorityAn issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client,...
2 affected packages
squid, squid3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
squid | — | — | Fixed | Not in release | Not in release |
squid3 | — | — | Not in release | Fixed | Fixed |
CVE-2020-15810
Medium priorityAn issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client,...
2 affected packages
squid, squid3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
squid | — | — | Fixed | Not in release | Not in release |
squid3 | — | — | Not in release | Fixed | Fixed |
CVE-2020-14059
Medium priorityAn issue was discovered in Squid 5.x before 5.0.3. Due to an Incorrect Synchronization, a Denial of Service can occur when processing objects in an SMP cache because of an Ipc::Mem::PageStack::pop ABA problem during access to the...
2 affected packages
squid, squid3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
squid | — | — | Not affected | Not in release | Not in release |
squid3 | — | — | Not in release | Not affected | Not affected |
CVE-2020-14058
Medium priorityAn issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a...
2 affected packages
squid, squid3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
squid | — | — | Not affected | Not in release | Not in release |
squid3 | — | — | Not in release | Not affected | Not affected |
CVE-2020-15049
Low prioritySome fixes available 5 of 6
An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with...
2 affected packages
squid, squid3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
squid | — | — | Fixed | Not in release | Not in release |
squid3 | — | — | Not in release | Fixed | Fixed |
CVE-2020-11945
Medium priorityAn issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce...
2 affected packages
squid, squid3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
squid | — | — | Fixed | Not in release | Not in release |
squid3 | — | — | Not in release | Fixed | Fixed |
CVE-2019-12520
Medium priorityAn issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making a MD5 hash of the absolute URL of the request. If found, it servers...
2 affected packages
squid, squid3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
squid | — | — | Not affected | Not in release | Not in release |
squid3 | — | — | Not in release | Fixed | Not affected |
CVE-2019-12519
Medium priorityAn issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When...
2 affected packages
squid, squid3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
squid | — | — | Fixed | Not in release | Not in release |
squid3 | — | — | Not in release | Fixed | Fixed |
CVE-2019-12524
Medium priorityAn issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves...
2 affected packages
squid, squid3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
squid | — | — | Not affected | Not in release | Not in release |
squid3 | — | — | Not in release | Fixed | Not affected |
CVE-2019-12522
Low priorityAn issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0. This...
2 affected packages
squid, squid3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
squid | Vulnerable | Vulnerable | Vulnerable | Not in release | Not in release |
squid3 | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |