Download
| Alert*
|
oval:org.secpod.oval:def:503739
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * squid: improper check for new member in ESIExpression::Evaluate allows for stack buffer overflow * squid: improper access restriction upon Digest Authentication nonce rep ... oval:org.secpod.oval:def:503738 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * squid: improper check for new member in ESIExpression::Evaluate allows for stack buffer overflow * squid: improper access restriction upon Digest Authentication nonce rep ... oval:org.secpod.oval:def:63499 squid: Web proxy cache server - squid3: Web proxy cache server Several security issues were fixed in Squid. oval:org.secpod.oval:def:66548 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * squid: improper check for new member in ESIExpression::Evaluate allows for stack buffer overflow * squid: improper access restriction upon Digest Authentication nonce rep ... oval:org.secpod.oval:def:1601156 An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter . Remote code execution may occur if the pooled token ... oval:org.secpod.oval:def:118223 Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS l ... oval:org.secpod.oval:def:1801696 Affected versions: Squid 3.x -> 3.5.28, Squid 4.x -> 4.10 and Squid 5.x -> 5.0.1 Fixed in version: Squid 4.11 and 5.0.2Affected versions: Squid 3.x -> 3.5.28, Squid 4.x -> 4.10 and Squid 5.x -> 5.0.1 Fixed in version: Squid 4.11 and 5.0.2Affected versions: Squid 2.x -> 2.7.STABL ... oval:org.secpod.oval:def:1601140 An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it"s being evaluated. When processing the expression, it could either evaluate the top of the st ... oval:org.secpod.oval:def:118215 Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS l ... oval:org.secpod.oval:def:118210 Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS l ... oval:org.secpod.oval:def:205567 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * squid: improper check for new member in ESIExpression::Evaluate allows for stack buffer overflow * squid: improper access restriction upon Digest Authentication nonce rep ... oval:org.secpod.oval:def:1700356 An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter . Remote code execution may occur if the pooled token ... oval:org.secpod.oval:def:1701761 A flaw was found in Squid through version 4.7. When handling the tag esi:when, when ESI is enabled, Squid calls the ESIExpression::Evaluate function which uses a fixed stack buffer to hold the expression. While processing the expression, there is no check to ensure that the stack won't overflow. The ... oval:org.secpod.oval:def:1502904 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:705468 squid: Web proxy cache server - squid3: Web proxy cache server Several security issues were fixed in Squid. oval:org.secpod.oval:def:2500218 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. oval:org.secpod.oval:def:1502896 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:89000270 This update for squid to version 4.11 fixes the following issues: - CVE-2020-11945: Fixed a potential remote code execution vulnerability when using HTTP Digest Authentication . - CVE-2019-12519, CVE-2019-12521: Fixed incorrect buffer handling that can result in cache poisoning, remote execution, an ... oval:org.secpod.oval:def:89000275 This update for squid fixes the following issues: - CVE-2019-12519, CVE-2019-12521: fixes incorrect buffer handling that can result in cache poisoning, remote execution, and denial of service attacks when processing ESI responses . - CVE-2020-11945: fixes a potential remote execution vulnerability w ... oval:org.secpod.oval:def:89000472 This update for squid to version 4.11 fixes the following issues: - CVE-2020-11945: Fixed a potential remote code execution vulnerability when using HTTP Digest Authentication . - CVE-2019-12519, CVE-2019-12521: Fixed incorrect buffer handling that can result in cache poisoning, remote execution, an ... oval:org.secpod.oval:def:63525 Multiple security issues were discovered in the Squid proxy caching server, which could result in the bypass of security filters, information disclosure, the execution of arbitrary code or denial of service. oval:org.secpod.oval:def:2105897 Oracle Solaris 11 - ( CVE-2019-12526 ) oval:org.secpod.oval:def:604842 Multiple security issues were discovered in the Squid proxy caching server, which could result in the bypass of security filters, information disclosure, the execution of arbitrary code or denial of service. oval:org.secpod.oval:def:89000262 This update for squid3 fixes the following issues: - Fixed a Cache Poisoning and Request Smuggling attack - Fixed incorrect buffer handling that can result in cache poisoning, remote execution, and denial of service attacks when processing ESI responses - Fixed handling of hostname in cachemgr.cgi ... oval:org.secpod.oval:def:97559 [CLSA-2021:1632262221] Fixed 9 CVEs in squid34 |
