Astra Linux – Vulnerability in Squid

Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when processing URNs due to incorrect buffer management. This issue has been fixed in version 6.4. To address this problem, disable URN access...

GHSA-RHGJ-6G2C-FRMM @hulumi/policies bypasses policy packs with a forged Pulumi-URN logical name

Affected: @hulumi/policies 1.4.0 — Fixed in: 1.4.0 — Severity: High — CWE-693 Protection Mechanism Failure Summary Pulumi gives every cloud resource a structured URN that includes the resource's type chain hulumi:baseline:aws:SecureBucket$aws:s3/bucketV2:BucketV2 and the logical name the develope...

PT-2026-48475

Affected: @hulumi/policies 1.4.0 — Fixed in: 1.4.0 — Severity: High — CWE-693 Protection Mechanism Failure Summary Pulumi gives every cloud resource a structured URN that includes the resource's type chain hulumi:baseline:aws:SecureBucket$aws:s3/bucketV2:BucketV2 and the logical name the develope...

PT-2026-48476

Affected: @hulumi/policies 1.4.0 — Fixed in: 1.4.0 — Severity: High — CWE-284 Improper Access Control Summary HULUMI-H1 forbids raw aws:s3:Bucket outside of Hulumi's SecureBucket component, with one exemption: a raw bucket that's a child of a SecureBucket is allowed because the component is...

Astra Linux - уязвимость в squid

A issue was discovered in Squid before version 4.15 and 5.x before version 5.0.6. Due to a buffer-management bug, it allows for a denial of service. When resolving a request using the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that...

CLSA-2026-1777541147 squid34: Fix of 12 CVEs

CVE-2019-12525: fix heap buffer over-read in Digest auth parameter parsing - CVE-2018-1000027: fix NULL pointer dereference in X-Forwarded-For logging for internal transactions - CVE-2018-19131: escape certificate field injection via %D in ERRSECURECONNECTFAIL page - CVE-2018-19132: fix memory...

squid34: Fix of 12 CVEs

CVE-2019-12525: fix heap buffer over-read in Digest auth parameter parsing - CVE-2018-1000027: fix NULL pointer dereference in X-Forwarded-For logging for internal transactions - CVE-2018-19131: escape certificate field injection via %D in ERRSECURECONNECTFAIL page - CVE-2018-19132: fix memory...

CLSA-2026-1777539404 squid34: Fix of 12 CVEs

CVE-2019-12525: fix heap buffer over-read in Digest auth parameter parsing - CVE-2018-1000027: fix NULL pointer dereference in X-Forwarded-For logging for internal transactions - CVE-2018-19131: escape certificate field injection via %D in ERRSECURECONNECTFAIL page - CVE-2018-19132: fix memory...

CLSA-2026-1776879277 squid: Fix of 13 CVEs

CVE-2018-1000027: fix NULL pointer dereference in clientFollowXForwardedForCheck for transactions without a client connection - CVE-2018-19131: fix XSS via X.509 certificate fields rendered unescaped in SSL error pages - CVE-2019-12520: prevent cache poisoning by suppressing URL userinfo from...

Malicious code in current-context-urn (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a89385538c4df75cf7f40207e1ccdf6501459d80e8c9a0580955e9422d7c3a4 The package current-context-urn was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-2258 Malicious code in current-context-urn (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a89385538c4df75cf7f40207e1ccdf6501459d80e8c9a0580955e9422d7c3a4 The package current-context-urn was found to contain malicious code. Source: ossf-package-analysis...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: squid (UTSA-2026-005214)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005214 advisory. Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when...

MiracleLinux 8 : squid:4 (AXSA:2021-2820:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2820:01 advisory. squid: denial of service in URN processing CVE-2021-28651 squid: denial of service issue in Cache Manager CVE-2021-28652 squid: denial of service in...

Advisory ROSA-SA-2025-3092

Software: squid 3.5.20 OS: rosa-server79 unaffected versions = squid-3.5.20-17.0.9.res7.13 affected versions squid-3.5.20-17.0.9.res7.13 CVE-ID: CVE-2025-54574 BDU-ID: 2025-09345 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the Squid proxy server is related to a buffer overflow in dynamic...

squid security update

7:3.5.20-17.0.9.13 - Fixes CVE-2025-62168, squid: Squid vulnerable to information disclosure via - authentication credential leakage in error handling Orabug: 38587551 7:3.5.20-17.0.7.13 - Fixes CVE-2025-54574, add URN access disabling config options Orabug: 38350105 7:3.5.20-17.0.5.13 - Fixed cv...

MAL-2025-149038 Malicious code in ursa-algol-ganymede-framework (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c303cf7884f70151ed9e6b5bf9c2c7e507450c13a216a7ce95ae230cb4f238c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

TencentOS Server 2: squid (TSSA-2025:0788)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0788 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities...

EUVD-2025-23392

Malicious code in bioql PyPI...

EUVD-2019-4121

Malicious code in bioql PyPI...

Oracle Linux 7 : squid (ELSA-2025-14414)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-14414 advisory. - Fixes CVE-2025-54574, add URN access disabling config options Orabug: 38350105 Tenable has extracted the preceding description block directly from t...