19 matches found

Tenable Nessus
added 2021/04/30 12:0 a.m., 46 views

EulerOS 2.0 SP3 : squid (EulerOS-SA-2021-1852)

According to the versions of the squid packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when...

CVSS 9.8, AI score 7.4, EPSS 0.40982
Exploits 0, References 8

Veracode
added 2020/09/21 6:26 a.m., 35 views

Information Disclosure

squid3 is vulnerable to information disclosure. The vulnerability exists due to incorrect data management when processing HTTP Digest Authentication where nonce tokens that contain the raw byte value of a pointer that sits within heap memory allocation, reducing ASLR protections...

CVSS 7.5, AI score 0.6, EPSS 0.40982
Exploits 0, References 13, Affected Software 4

Tenable Nessus
added 2020/09/02 12:0 a.m., 59 views

Amazon Linux 2 : squid (ALAS-2020-1486)

The version of squid installed on the remote host is prior to 3.5.20-15. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1486 advisory. An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive informatio...

CVSS 7.5, AI score 7.6, EPSS 0.7179
Exploits 0, References 9

RedhatCVE
added 2020/04/04 5:25 p.m., 30 views

CVE-2019-11191

The Linux kernel allows local users to bypass ASLR protections for setuid a.out programs when CONFIG_IA32_AOUT is enabled and ia32_aout module is loaded, because install_exec_creds() is called too late in the load_aout_binary() in fs/binfmt_aout.c. Due to this, the ptrace_may_access() check may have a race...

CVSS 2.5, AI score 3.2, EPSS 0.00495
Exploits 1, References 3

Ubuntu
added 2019/12/04 5:28 p.m., 116 views

USN-4213-1: Squid vulnerabilities

Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled certain URN requests. A remote attacker could possibly use this issue to bypass access checks and access restricted servers. This issue was only addressed in Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-12523) Jeriko One...

CVSS 9.8, AI score 6.8, EPSS 0.40982
Exploits 0

OSV
added 2019/11/26 5:15 p.m., 26 views

CVE-2019-18679

An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information...

CVSS 7.5, AI score 7.3
Exploits 0, References 11

Prion
added 2019/11/26 5:15 p.m., 30 views

Information disclosure

An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information...

CVSS 5, AI score 8.6, EPSS 0.40982
Exploits 0, References 11, Affected Software 4

Cvelist
added 2019/11/26 4:14 p.m., 29 views

CVE-2019-18679

An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information...

AI score 8.7, EPSS 0.40982
Exploits 0, References 11

FreeBSD
added 2019/11/05 12:0 a.m., 32 views

squid -- Vulnerable to HTTP Digest Authentication

Squid Team reports: Problem Description: Due to incorrect data management Squid is vulnerable to an information disclosure when processing HTTP Digest Authentication. Severity: Nonce tokens contain the raw byte value of a pointer which sits within heap memory allocation. This information reduces...

CVSS 7.5, AI score 1.2, EPSS 0.40982
Exploits 0, References 2

Tenable Nessus
added 2019/01/14 12:0 a.m., 33 views

Ubuntu 16.04 LTS / 18.04 LTS : systemd vulnerabilities (USN-3855-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3855-1 advisory. It was discovered that systemd-journald allocated variable-length buffers for certain message fields on the stack. A local attacker could...

CVSS 7.8, AI score 7.3, EPSS 0.02958
Exploits 4, References 4

OpenVAS
added 2019/01/12 12:0 a.m., 34 views

Ubuntu: Security Advisory (USN-3855-1)

The remote host is missing an update for the...

CVSS 7.8, AI score 6.9, EPSS 0.02958
Exploits 4, References 2

Tenable Nessus
added 2014/12/15 12:0 a.m., 49 views

Ubuntu 14.04 LTS : Linux kernel (Utopic HWE) vulnerabilities (USN-2447-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2447-1 advisory. Andy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register in the x86 architecture. A...

CVSS 7.8, AI score 6.8, EPSS 0.08579
Exploits 17, References 12

Tenable Nessus
added 2014/12/15 12:0 a.m., 71 views

Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2445-1)

An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the...

CVSS 7.8, AI score 6.7, EPSS 0.08579
Exploits 7, References 9

Tenable Nessus
added 2014/12/15 12:0 a.m., 62 views

Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-2446-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2446-1 advisory. Andy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register in the x86 architecture. A...

CVSS 7.8, AI score 6.9, EPSS 0.08579
Exploits 15, References 10

Ubuntu
added 2014/12/12 7:43 a.m., 99 views

USN-2446-1: Linux kernel vulnerabilities

Andy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register in the x86 architecture. A local attacker could exploit this flaw to gain administrative privileges. (CVE-2014-9322) An information leak in the Linux kernel was discovered...

CVSS 7.8, AI score 6.7, EPSS 0.08579
Exploits 15

Ubuntu
added 2014/12/12 7:38 a.m., 83 views

USN-2444-1: Linux kernel (OMAP4) vulnerabilities

Rabin Vincent, Robert Swiecki, Russell King discovered that the ftrace subsystem of the Linux kernel does not properly handle private syscall numbers. A local user could exploit this flaw to cause a denial of service (OOPS). (CVE-2014-7826) Rabin Vincent, Robert Swiecki, Russell Kinglaw discovered a...

CVSS 7.8, AI score 6.8, EPSS 0.0523
Exploits 3

Tenable Nessus
added 2013/01/23 12:0 a.m., 45 views

Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox regression (USN-1681-3)

USN-1681-1 fixed vulnerabilities in Firefox. Due to an upstream regression, some translations became unusable after upgrading. This update fixes the problem. We apologize for the inconvenience. Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill Gianopoulos, Benoit Jacob, Gary...

CVSS 10, AI score 9.3, EPSS 0.73364
Exploits 30, References 28

Ubuntu
added 2013/01/22 5:19 p.m., 115 views

USN-1681-3: Firefox regression

USN-1681-1 fixed vulnerabilities in Firefox. Due to an upstream regression, some translations became unusable after upgrading. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill...

AI score 9.3, EPSS 0.73364
Exploits 30, References 1

Tenable Nessus
added 2013/01/09 12:0 a.m., 49 views

Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : thunderbird vulnerabilities (USN-1681-2)

USN-1681-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Thunderbird. Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill Gianopoulos, Benoit Jacob, Gary Kwong, Robert O'Callahan, Jesse Ruderman, and Julian Seward discovered multiple memo...

CVSS 10, AI score 9.3, EPSS 0.73364
Exploits 30, References 28