19 matches found
EulerOS 2.0 SP3 : squid (EulerOS-SA-2021-1852)
According to the versions of the squid packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when...
Information Disclosure
squid3 is vulnerable to information disclosure. The vulnerability exists due to incorrect data management when processing HTTP Digest Authentication where nonce tokens that contain the raw byte value of a pointer that sits within heap memory allocation, reducing ASLR protections...
Amazon Linux 2 : squid (ALAS-2020-1486)
The version of squid installed on the remote host is prior to 3.5.20-15. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1486 advisory. An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive informatio...
CVE-2019-11191
The Linux kernel allows local users to bypass ASLR protections for setuid a.out programs when CONFIGIA32AOUT is enabled and ia32aout module is loaded, because installexeccreds is called too late in the loadaoutbinary in fs/binfmtaout.c. Due to this, the ptracemayaccess check may have a race...
USN-4213-1: Squid vulnerabilities
Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled certain URN requests. A remote attacker could possibly use this issue to bypass access checks and access restricted servers. This issue was only addressed in Ubuntu 19.04 and Ubuntu 19.10. CVE-2019-12523 Jeriko One...
CVE-2019-18679
An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information...
Information disclosure
An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information...
CVE-2019-18679
An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information...
squid -- Vulnerable to HTTP Digest Authentication
Squid Team reports: Problem Description: Due to incorrect data management Squid is vulnerable to a information disclosure when processing HTTP Digest Authentication. Severity: Nonce tokens contain the raw byte value of a pointer which sits within heap memory allocation. This information reduces...
Ubuntu 16.04 LTS / 18.04 LTS : systemd vulnerabilities (USN-3855-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3855-1 advisory. It was discovered that systemd-journald allocated variable-length buffers for certain message fields on the stack. A local attacker could...
Ubuntu: Security Advisory (USN-3855-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 14.04 LTS : Linux kernel (Utopic HWE) vulnerabilities (USN-2447-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2447-1 advisory. Andy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment SS register in the x86 architecture. A...
Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2445-1)
An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine KVM paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the...
Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-2446-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2446-1 advisory. Andy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment SS register in the x86 architecture. A...
USN-2446-1: Linux kernel vulnerabilities
Andy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment SS register in the x86 architecture. A local attacker could exploit this flaw to gain administrative privileges. CVE-2014-9322 An information leak in the Linux kernel was discovered...
USN-2444-1: Linux kernel (OMAP4) vulnerabilities
Rabin Vincent, Robert Swiecki, Russell King discovered that the ftrace subsystem of the Linux kernel does not properly handle private syscall numbers. A local user could exploit this flaw to cause a denial of service OOPS. CVE-2014-7826 Rabin Vincent, Robert Swiecki, Russell Kinglaw discovered a...
Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox regression (USN-1681-3)
USN-1681-1 fixed vulnerabilities in Firefox. Due to an upstream regression, some translations became unusable after upgrading. This update fixes the problem. We apologize for the inconvenience. Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill Gianopoulos, Benoit Jacob, Gary...
USN-1681-3: Firefox regression
USN-1681-1 fixed vulnerabilities in Firefox. Due to an upstream regression, some translations became unusable after upgrading. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill...
Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : thunderbird vulnerabilities (USN-1681-2)
USN-1681-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Thunderbird. Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill Gianopoulos, Benoit Jacob, Gary Kwong, Robert O'Callahan, Jesse Ruderman, and Julian Seward discovered multiple memo...