Astra Linux - уязвимость в squid

Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when processing URNs due to incorrect buffer management. This issue has been fixed in version 6.4. To address this problem, disable URN access...

Astra Linux - уязвимость в squid

A issue was discovered in Squid before version 4.15 and 5.x before version 5.0.6. Due to a buffer-management bug, it allows for a denial of service. When resolving a request using the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that...

CLSA-2026-1777541147 squid34: Fix of 12 CVEs

CVE-2019-12525: fix heap buffer over-read in Digest auth parameter parsing - CVE-2018-1000027: fix NULL pointer dereference in X-Forwarded-For logging for internal transactions - CVE-2018-19131: escape certificate field injection via %D in ERRSECURECONNECTFAIL page - CVE-2018-19132: fix memory...

squid34: Fix of 12 CVEs

CVE-2019-12525: fix heap buffer over-read in Digest auth parameter parsing - CVE-2018-1000027: fix NULL pointer dereference in X-Forwarded-For logging for internal transactions - CVE-2018-19131: escape certificate field injection via %D in ERRSECURECONNECTFAIL page - CVE-2018-19132: fix memory...

CLSA-2026-1777539404 squid34: Fix of 12 CVEs

CVE-2019-12525: fix heap buffer over-read in Digest auth parameter parsing - CVE-2018-1000027: fix NULL pointer dereference in X-Forwarded-For logging for internal transactions - CVE-2018-19131: escape certificate field injection via %D in ERRSECURECONNECTFAIL page - CVE-2018-19132: fix memory...

CLSA-2026-1776879277 squid: Fix of 13 CVEs

CVE-2018-1000027: fix NULL pointer dereference in clientFollowXForwardedForCheck for transactions without a client connection - CVE-2018-19131: fix XSS via X.509 certificate fields rendered unescaped in SSL error pages - CVE-2019-12520: prevent cache poisoning by suppressing URL userinfo from...

Malicious code in current-context-urn (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a89385538c4df75cf7f40207e1ccdf6501459d80e8c9a0580955e9422d7c3a4 The package current-context-urn was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-2258 Malicious code in current-context-urn (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a89385538c4df75cf7f40207e1ccdf6501459d80e8c9a0580955e9422d7c3a4 The package current-context-urn was found to contain malicious code. Source: ossf-package-analysis...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: squid (UTSA-2026-005214)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005214 advisory. Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when...

MiracleLinux 8 : squid:4 (AXSA:2021-2820:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2820:01 advisory. squid: denial of service in URN processing CVE-2021-28651 squid: denial of service issue in Cache Manager CVE-2021-28652 squid: denial of service in...

Advisory ROSA-SA-2025-3092

Software: squid 3.5.20 OS: rosa-server79 unaffected versions = squid-3.5.20-17.0.9.res7.13 affected versions squid-3.5.20-17.0.9.res7.13 CVE-ID: CVE-2025-54574 BDU-ID: 2025-09345 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the Squid proxy server is related to a buffer overflow in dynamic...

squid security update

7:3.5.20-17.0.9.13 - Fixes CVE-2025-62168, squid: Squid vulnerable to information disclosure via - authentication credential leakage in error handling Orabug: 38587551 7:3.5.20-17.0.7.13 - Fixes CVE-2025-54574, add URN access disabling config options Orabug: 38350105 7:3.5.20-17.0.5.13 - Fixed cv...

MAL-2025-149038 Malicious code in ursa-algol-ganymede-framework (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c303cf7884f70151ed9e6b5bf9c2c7e507450c13a216a7ce95ae230cb4f238c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

TencentOS Server 2: squid (TSSA-2025:0788)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0788 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities...

EUVD-2019-4121

Malicious code in bioql PyPI...

EUVD-2025-23392

Malicious code in bioql PyPI...

Oracle Linux 7 : squid (ELSA-2025-14414)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-14414 advisory. - Fixes CVE-2025-54574, add URN access disabling config options Orabug: 38350105 Tenable has extracted the preceding description block directly from t...

squid security update

7:3.5.20-17.0.7.13 - Fixes CVE-2025-54574, add URN access disabling config options Orabug: 38350105 7:3.5.20-17.0.5.13 - Fixed cve 2023-46846 for http and icap request/response smuggling Orabug: 37326730...

CLSA-2025-1757076749 Fix CVE(s): CVE-2025-54574

SECURITY UPDATE: Disable URN protocol access to prevent potential security vulnerabilities - debian/patches/CVE-2025-54574.patch: Add ACL rules to deny URN protocol access by default - CVE-2025-54574...

CLSA-2025-1757076677 Fix CVE(s): CVE-2025-54574

SECURITY UPDATE: Disable URN protocol access to prevent potential security vulnerabilities - debian/patches/CVE-2025-54574.patch: Add ACL rules to deny URN protocol access by default - CVE-2025-54574...