Page 10 of 67 results (0.004 seconds)

CVSS: 9.8EPSS: 12%CPEs: 12EXPL: 0

An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token's value starts with a quote and ends with one. If so, it performs a memcpy of its length minus 2. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html http://www.squid-cache.org/Versions/v4/changesets http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch https://github.com/squid-cache/squid/commits/v4 https://lists.debian.org/debian-lts-announce/2019/07/msg00018.html https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html https://lists • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVSS: 6.1EPSS: 94%CPEs: 2EXPL: 1

The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter. El modulo web del archivo cachemgr.cgi de Squid hasta versión 4.7, presenta un problema de tipo XSS por medio del parámetro user_name o auth. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00067.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html http://www.securityfocus.com/bid/109095 https://access.redhat.com/errata/RHSA-2019:3476 https://bugs.squid-cache.org/show_bug.cgi?id=4957 https://github.com/squid-cache/squid/pull/429 https://lists.debian.org/debian-lts-announce/2019/07/msg00006.html https:/&# • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.9EPSS: 1%CPEs: 2EXPL: 0

Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet. Squid en versiones anteriores a la 4.4, cuando está habilitado SNMP, permite una denegación de servicio (fuga de memoria) mediante un paquete SNMP. • http://www.squid-cache.org/Advisories/SQUID-2018_5.txt http://www.squid-cache.org/Versions/v5/changesets/squid-5-644131ff1e00c1895d77561f561d29c104ba6b11.patch https://github.com/squid-cache/squid/pull/313 https://lists.debian.org/debian-lts-announce/2018/11/msg00032.html https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html https://usn.ubuntu.com/4059-1 • CWE-772: Missing Release of Resource after Effective Lifetime •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors. Squid en versiones anteriores a la 4.4 tiene Cross-Site Scripting (XSS) mediante un certificado X.509 manipulado durante la generación de la página de error HTTP(S) para los errores de certificado. • https://github.com/JonathanWilbur/CVE-2018-19131 http://www.squid-cache.org/Advisories/SQUID-2018_4.txt http://www.squid-cache.org/Versions/v5/changesets/squid-5-6feeb15ff312f3e145763adf8d234ed6a0b3f11d.patch https://github.com/squid-cache/squid/pull/306 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 0

The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later. Squid Software Foundation Squid HTTP Caching Proxy, en versiones anteriores a la 4.0.23, contiene una vulnerabilidad de desreferencia de puntero NULL en el procesamiento de cabeceras HTTP Response X-Forwarded-For. Esto puede resultar en una denegación de servicio (DoS) para todos los clientes que empleen el proxy. • http://www.squid-cache.org/Advisories/SQUID-2018_2.txt http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_2.patch http://www.squid-cache.org/Versions/v4/changesets/SQUID-2018_2.patch https://github.com/squid-cache/squid/pull/129/files https://lists.debian.org/debian-lts-announce/2018/02/msg00001.html https://lists.debian.org/debian-lts-announce/2018/02/msg00002.html https://usn.ubuntu.com/3557-1 https://usn.ubuntu.com/4059-2 https://www.debia • CWE-117: Improper Output Neutralization for Logs CWE-476: NULL Pointer Dereference •